Uploaded image for project: 'Extended Templating Kit (closed)'
  1. Extended Templating Kit (closed)
  2. MGNLETK-112

Path handle is stripped twice thus access to another site is sometimes possible

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.4.6, 2.0.15
    • Fix Version/s: 2.0.16
    • Component/s: None
    • Labels:
    • Release notes required:
      Yes

      Description

      With site settings
      site1 mapped to page page1 and domain www.domain1.com
      site2 mapped to page page2 and domain www.domain2.com
      and CrossSiteSecurityFilter restricting access from one to another there is a way to access first level page from other domain by calling:
      www.domain1.com/page1/page2
      www.domain2.com/page2/page1

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jsimak Jaroslav Simak
                Reporter:
                ochytil Ondrej Chytil
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Date of First Response: