[#32792] - Expound some knowledge
- Fixed in Code Base
- 21 Mar 2021
- Medium
- Build: 4.0-dev
- # 32792
- Diff
- PhilETaylor:info
User tests: Successful: Unsuccessful:
Signed-off-by: Phil E. Taylor phil@phil-taylor.com
Pull Request for Issue # .
Summary of Changes
Expound some knowledge..
Why is this (still) here?
Because hackers still try urls with mosConfig_* and Url Injection with =http[s]:// and we dont want to log/redirect these requests
Also improved the test to check for Url Injection with https:// urls.
Testing Instructions
Enable redirects, create a redirect FROM 123 to 321
go to http://example.com/123?asd=http:// and note your get a 404 NOT FOUND and not the redirect to /321
Actual result BEFORE applying this Pull Request
A question unanswered
A badly implemented security test which doesn't take into account https:// prefixed hacker Url Injection urls
Expected result AFTER applying this Pull Request
Institutional knowledge is preserved.
A "better" implemented security test which takes into account https:// prefixed hacker Url Injection urls
Documentation Changes Required
None
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Front End Plugins |
| Status | Pending | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2021-03-21 23:34:37 |
| Closed_By | ⇒ | wilsonge | |
| Labels |
Added:
?
|
||
Good shout. Thanks!