[
https://issues.apache.org/jira/browse/GERONIMO-4641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12712144#action_12712144
]
Rex Wang commented on GERONIMO-4641:
------------------------------------
After Shawn's patch of GERONIMO-4640, there still some problems on the filter
side.
eg: click button in the "Import from JBoss 4" portlet.
When a <form> has enctype="multipart/form-data", the XSRFHandler can not get
anything by the request.getParameter("formId").
GERONIMO-4641-b21.patch can resolve this.
-Rex
> XSSXSRFFilter cause some link failure
> --------------------------------------
>
> Key: GERONIMO-4641
> URL: https://issues.apache.org/jira/browse/GERONIMO-4641
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Affects Versions: 2.1.4, 2.1.5, 2.2
> Reporter: Rex Wang
> Assignee: Rex Wang
> Fix For: 2.1.5, 2.2
>
> Attachments: GERONIMO-4641-b21.patch
>
>
> the XSSXSRFFilter will cause the link failure when the content contains some
> special char.
> such as
> the links in Database Pools portlet
> "Import from JBoss 4 "
> "Import from WebLogic 8.1 "
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
