[MGNLETK-112] Path handle is stripped twice thus access to another site is sometimes possible Created: 20/Dec/13  Updated: 10/Jan/14  Resolved: 10/Jan/14

Status: Closed
Project: Extended Templating Kit (closed)
Component/s: None
Affects Version/s: 1.4.6, 2.0.15
Fix Version/s: 2.0.16

Type: Bug Priority: Critical
Reporter: Ondrej Chytil Assignee: Jaroslav Simak
Resolution: Fixed Votes: 0
Labels: support
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Cloners
is cloned by MGNLETK-120 CLONE - Path handle is stripped twice... Closed
is cloned by MULTISITE-11 Path handle is stripped twice thus ac... Closed
Relates
relates to MGNLETK-108 Cross site access should not possible... Closed
dependency
depends upon MAGNOLIA-5589 Statement StringUtils.removeStart(han... Closed
relation
Template:
Acceptance criteria:
Empty
Release notes required:
Yes
Date of First Response:

 Description   

With site settings
site1 mapped to page page1 and domain www.domain1.com
site2 mapped to page page2 and domain www.domain2.com
and CrossSiteSecurityFilter restricting access from one to another there is a way to access first level page from other domain by calling:
www.domain1.com/page1/page2
www.domain2.com/page2/page1



 Comments   
Comment by Richard Unger [ 10/Jan/14 ]

Hi,

We would need the fix for magnolia 4.4 as well...

Regards from Vienna,

Richard

Comment by Jaroslav Simak [ 10/Jan/14 ]

Hi Richard,

there is a ticket for the 4.4 branch - please see MGNLETK-120. So i will close this ticket.

Regards,
Jaroslav

Generated at Mon Feb 12 01:48:35 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.