Uploaded image for project: 'Magnolia Resources Module'
  1. Magnolia Resources Module
  2. MGNLRES-281

FTL and YAML files are exposed over the /resources URI2RepositoryMapping

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • 2.4.8, 2.5
    • 2.4.6
    • None
    • Yes
    • Yes
    • Basel 62
    • 8

      In order to use the processed resources app, one has to enable the URI2RepositoryMapping for the resources workspace. Since 5.4 the resources workspace contains FTL and YAML files, and these are exposed to the website user over the mapping.

      The new resourcing has security checks in place exactly for this reason (hardcoded in ResourcesServlet for yaml, ftl, class, java).

      Please add equivalent security checks to the processed resources app.

      Proposed Solution

      Proposal can be found at https://wiki.magnolia-cms.com/pages/viewpage.action?pageId=125176642

        Acceptance criteria

          1. config-details.png
            config-details.png
            76 kB

              ilgun Ilgun Ilgun
              bvass Bence Vass
              Nucleus
              Votes:
              1 Vote for this issue
              Watchers:
              12 Start watching this issue

                Created:
                Updated:
                Resolved:

                  Bug DoR
                  Task DoD

                    Estimated:
                    Original Estimate - Not Specified
                    Not Specified
                    Remaining:
                    Remaining Estimate - 0d
                    0d
                    Logged:
                    Time Spent - 1d 7.75h
                    1d 7.75h