Add functionality to ignore some parameters from POST requests
--------------------------------------------------------------

                 Key: SLING-2120
                 URL: https://issues.apache.org/jira/browse/SLING-2120
             Project: Sling
          Issue Type: Improvement
          Components: Servlets
    Affects Versions: Servlets Post 2.1.0
            Reporter: Felix Meschberger
            Assignee: Felix Meschberger
             Fix For: Servlets Post 2.1.2


In certain situations a POST request is accompanied with request parameters 
that are to be ignored. Currently the Sling POST Servlet has two mechanisms to 
handle such parameters:

  - any parameter starting with a colon (:) is ignored, e.g. :operation
  - only parameters starting with "./" are considered if at least one parameter 
has this format

In certain situations, more parameters might be submitted, ending up in the POST 
Servlet and then being written to the repository. For example, if a user tries 
to authenticate with form-based authentication supplying j_username and 
j_password parameters, then if the Sling POST Servlet is erroneously hit, these 
values might get written to the repository.

We should add functionality to specify regular expressions for parameters which 
are to be ignored (apart from the existing mechanism). The default would be 
"j_.*" to ignore any parameters starting with j_, generally used for 
authentication.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
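
The three filtering rules described in this issue (colon prefix, "./" prefix, and the proposed ignore patterns), as an added sketch that is not part of the original message and is not the Sling POST Servlet's code. The class and method names are hypothetical, and matching each pattern against the whole raw parameter name is an assumption.

```java
import java.util.*;
import java.util.regex.Pattern;

public class IgnoredParameterDemo {
    private final List<Pattern> ignored = new ArrayList<>();

    // Hypothetical constructor: the regexes stand in for the proposed configuration.
    IgnoredParameterDemo(String... regexes) {
        for (String r : regexes) ignored.add(Pattern.compile(r));
    }

    /** Returns the parameter names that would be written to the repository. */
    Set<String> persistable(Collection<String> names) {
        // Existing rule: once any name starts with "./", only such names count.
        boolean requirePrefix = names.stream().anyMatch(n -> n.startsWith("./"));
        Set<String> out = new LinkedHashSet<>();
        for (String n : names) {
            if (n.startsWith(":")) continue;                     // existing rule: control parameter
            if (requirePrefix && !n.startsWith("./")) continue;  // existing rule: "./" prefix
            if (isIgnored(n)) continue;                          // proposed rule: ignore patterns
            out.add(n);
        }
        return out;
    }

    // Assumption: a pattern must match the whole raw name, so "j_.*" does
    // not cover "./j_password"; a real implementation must decide this.
    private boolean isIgnored(String name) {
        for (Pattern p : ignored) {
            if (p.matcher(name).matches()) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample: a login form post that erroneously hits the POST servlet.
        List<String> login = List.of("j_username", "j_password", "resource", ":operation");
        System.out.println("no ignore list : " + new IgnoredParameterDemo().persistable(login));
        System.out.println("ignoring j_.*  : " + new IgnoredParameterDemo("j_.*").persistable(login));

        // Constructed sample: a "./" parameter is present, so the existing
        // prefix rule already drops the credential field.
        List<String> form = List.of("./title", "j_password", "_charset_");
        System.out.println("prefix rule    : " + new IgnoredParameterDemo().persistable(form));
    }
}
```

Without the ignore list, the first sample leaves j_username and j_password in the set to be persisted, which is the exposure the issue describes.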
