[ https://issues.apache.org/jira/browse/SLING-2120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Munteanu closed SLING-2120.
----------------------------------
> Add functionality to ignore some parameters from POST requests
> --------------------------------------------------------------
>
> Key: SLING-2120
> URL: https://issues.apache.org/jira/browse/SLING-2120
> Project: Sling
> Issue Type: Improvement
> Components: Servlets
> Affects Versions: Servlets Post 2.1.0
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: Servlets Post 2.1.2
>
>
> In certain situations a POST request is accompanied with request parameters
> that are to be ignored. Currently the Sling POST Servlet has two mechanisms
> to handle such parameters:
> - any parameter starting with a colon (:) is ignored, e.g. :operation
> - only parameters starting with "./" are considered if at least one
> parameter has this format
> In certain situations, more parameters might be submitted ending in the POST
> Servlet and then being written to the repository. For example if a user tries
> to authenticate with form based authentication supplying j_username and
> j_password parameters then if the Sling POST Servlet is erroneously hit,
> these values might get written to the repository.
> We should add functionality to specify regular expressions for parameters
> which are to be ignored (apart from the existing mechanism). The default
> would be "j_.*" to ignore any parameters starting with j_ generally used for
> authentication.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
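
The filtering rules from the issue description (colon prefix, "./" prefix, and the proposed ignore regex), as an added Java sketch that is not the Sling POST Servlet's code and not part of the issue. The class `IgnoredParamFilter`, its methods and the sample request are hypothetical and constructed for illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

// Hypothetical sketch of the parameter rules described in SLING-2120; not Sling's code.
public class IgnoredParamFilter {
    private final List<Pattern> ignorePatterns = new ArrayList<>();

    public IgnoredParamFilter(String... regexes) {
        for (String r : regexes) ignorePatterns.add(Pattern.compile(r));
    }

    /** Returns only the parameters that would be written to the repository. */
    public Map<String, String> contentParams(Map<String, String> request) {
        // Existing rule: if any parameter starts with "./", only those are considered.
        boolean requirePrefix = request.keySet().stream().anyMatch(n -> n.startsWith("./"));
        Map<String, String> kept = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : request.entrySet()) {
            String name = e.getKey();
            if (name.startsWith(":")) continue;                     // existing rule: e.g. :operation
            if (requirePrefix && !name.startsWith("./")) continue;  // existing rule: "./" mode
            if (matchesIgnorePattern(name)) continue;               // proposed rule: ignore regex
            kept.put(name, e.getValue());
        }
        return kept;
    }

    private boolean matchesIgnorePattern(String name) {
        // matches() anchors the whole name, so "j_.*" ignores j_username but not obj_id.
        return ignorePatterns.stream().anyMatch(p -> p.matcher(name).matches());
    }

    public static void main(String[] args) {
        // Constructed request: a form login POST that erroneously reached the POST servlet.
        Map<String, String> login = new LinkedHashMap<>();
        login.put("j_username", "alice");
        login.put("j_password", "constructed-secret");
        login.put(":operation", "import");
        login.put("obj_id", "42");
        // Without a pattern the credentials survive filtering and would be persisted.
        System.out.println("no pattern: " + new IgnoredParamFilter().contentParams(login).keySet());
        // With the proposed default, only the non-authentication parameter remains.
        System.out.println("with j_.*:  " + new IgnoredParamFilter("j_.*").contentParams(login).keySet());
    }
}
```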