[
https://issues.apache.org/jira/browse/SLING-3141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13782858#comment-13782858
]
Carsten Ziegeler edited comment on SLING-3141 at 10/1/13 12:09 PM:
-------------------------------------------------------------------
Fixed by using the helper method AuthUtil.isRedirectValid and additionally
escaping <, >, &, " and '
Revision 1528062
was (Author: cziegeler):
Fixed by using the helper method AuthUtil.isRedirectValid and additionally
escaping <, >, &, " and '
> AbstractAuthenticationFormServlet should make sure resource is a valid
> redirect
> -------------------------------------------------------------------------------
>
> Key: SLING-3141
> URL: https://issues.apache.org/jira/browse/SLING-3141
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Auth Core 1.1.2
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: Auth Core 1.1.4
>
>
> The resource parameter should be checked to be a valid redirect value in
> AbstractAuthenticationFormServlet
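The two steps named in the fix (validate the redirect target, then escape <, >, &, " and '), sketched as an added example that is not taken from the Sling code base or from this message. `isLocalRedirect` is a hypothetical, simplified stand-in and does not reproduce the logic of `AuthUtil.isRedirectValid`; the class name, `safeResource`, the fallback path and the sample inputs are assumptions, as is the premise that the value ends up inside the login form's HTML.

```java
import java.util.List;

public class ResourceParamDemo {
    // Hypothetical stand-in for a redirect check (assumption: NOT the logic of
    // Sling's AuthUtil.isRedirectValid): accept only same-site absolute paths.
    static boolean isLocalRedirect(String target) {
        if (target == null || target.isEmpty() || target.charAt(0) != '/') {
            return false;                        // must be an absolute path
        }
        if (target.startsWith("//") || target.contains("://") || target.contains("\\")) {
            return false;                        // scheme-relative or absolute URL
        }
        // Reject control characters such as CR/LF.
        return target.chars().noneMatch(c -> c < 0x20 || c == 0x7f);
    }

    // Escapes the five characters named in the fix: < > & " '
    static String escapeHtml(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Validate first, fall back to a known-good path, then escape for HTML output.
    static String safeResource(String requested, String fallback) {
        return escapeHtml(isLocalRedirect(requested) ? requested : fallback);
    }

    public static void main(String[] args) {
        // Constructed sample values for the "resource" request parameter.
        List<String> samples = List.of("/content/home.html", "//example.invalid/x",
                "https://example.invalid/", "/a\"><b>&'");
        for (String s : samples) {
            System.out.println(s + " -> " + safeResource(s, "/"));
        }
    }
}
```

Escaping is applied even to values that pass validation, because a syntactically local path can still contain characters that are significant in HTML.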