  1. Magnolia Resources Module
  2. MGNLRES-281

FTL and YAML files are exposed over the /resources URI2RepositoryMapping

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 2.4.8, 2.5
    • 2.4.6
    • None
    • Yes
    • Yes
    • Basel 62
    • 8

    Description

      In order to use the processed resources app, one has to enable the URI2RepositoryMapping for the resources workspace. Since 5.4 the resources workspace contains FTL and YAML files, and these are exposed to the website user over the mapping.

      The new resourcing has security checks in place exactly for this reason (hardcoded in ResourcesServlet for yaml, ftl, class, java).

      Please add equivalent security checks to the processed resources app.

      Proposed Solution

      Proposal can be found at https://wiki.magnolia-cms.com/pages/viewpage.action?pageId=125176642
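
One way to express the kind of extension check the description asks for, as an added example that is not Magnolia's code and not part of the original issue. The class name `ResourceExtensionGuard`, the method `isBlocked` and the sample paths are hypothetical; only the four extensions come from the issue text.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;

/** Hypothetical helper (not Magnolia code): decides whether a mapped path may be served. */
public class ResourceExtensionGuard {

    // Extensions the issue says ResourcesServlet already refuses to serve.
    private static final Set<String> BLOCKED = Set.of("yaml", "ftl", "class", "java");

    /** Returns true when the requested path must not be served to a website user. */
    public static boolean isBlocked(String requestPath) {
        String path;
        try {
            // Decode once so "%2Eftl" is compared in the same form as ".ftl".
            path = URLDecoder.decode(requestPath, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return true; // malformed escape sequence: fail closed
        }
        // Drop query string, fragment and path parameters (";jsessionid=...").
        path = path.split("[?;#]", 2)[0];
        String name = path.substring(path.lastIndexOf('/') + 1);
        // Trailing dots and spaces can be ignored by the storage layer; strip them first.
        name = name.replaceAll("[. ]+$", "");
        int dot = name.lastIndexOf('.');
        if (dot < 0) {
            return false; // no extension to compare
        }
        String ext = name.substring(dot + 1).toLowerCase(Locale.ROOT);
        return BLOCKED.contains(ext);
    }

    public static void main(String[] args) {
        // Constructed sample paths; the file names are illustrative only.
        String[] samples = {
            "/resources/templates/pages/home.ftl",
            "/resources/dialogs/page.YAML",
            "/resources/templates/main.ftl;jsessionid=abc",
            "/resources/css/site.css"
        };
        for (String p : samples) {
            System.out.println((isBlocked(p) ? "DENY  " : "ALLOW ") + p);
        }
    }
}
```

The first three constructed paths are denied and the stylesheet is allowed; the comparison is made on the normalized file name so that case changes or appended path parameters do not change the outcome.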

              People

                ilgun Ilgun Ilgun
                bvass Bence Vass
                Nucleus

                    Time Tracking

                      Estimated: Not Specified
                      Remaining: 0d
                      Logged: 1d 7.75h