[
https://issues.apache.org/jira/browse/OFBIZ-13147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17896709#comment-17896709
]
ASF subversion and git services commented on OFBIZ-13147:
---------------------------------------------------------
Commit 8bb054b67fd32cc9976a4b87e913e83a2ed2b807 in ofbiz-framework's branch
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=8bb054b67f ]
Improved: Prevent URL parameters manipulation (OFBIZ-13147)
I have refactored SecuredUpload a bit by clearly separating what is used for
web shell in uploaded files and reverse shell in query strings.
The idea is also to keep as much as possible securing code in SecuredUpload.
Even if now more than upload is concerned.
> Prevent URL parameters manipulation
> -----------------------------------
>
> Key: OFBIZ-13147
> URL: https://issues.apache.org/jira/browse/OFBIZ-13147
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL APPLICATIONS, ALL PLUGINS
> Affects Versions: 18.12.16
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
> Fix For: 18.12.17
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
