• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7700 for generic doc work for TWiki-6.0.2. Use View topic Item7703 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

The security team was alerted of a redirect issue that can be used by phishing attacks. You can use a topic=http://anysite.com to redirect to any site. This is a feature documented at TWiki:TWiki04/TWikiSkins#The_Go_Box_and_Navigation_Box

Fix: Make the topic=url feature aware of the {AllowRedirectUrl} configure flag.

-- PTh

4.1.0 released

KJL

ItemTemplate
Summary Security: Make topic="" parameter aware of {AllowRedirectUrl} configure flag
ReportedBy TWiki:Main.PeterThoeny
Codebase ~twiki4
SVN Range TWiki-4.1, Thu, 14 Dec 2006, build 12269
AppliesTo Engine
Component

Priority Urgent
CurrentState Closed
WaitingFor

Checkins 12291
TargetRelease minor
Edit | Attach | Watch | Print version | History: r7 < r6 < r5 < r4 < r3 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r7 - 2007-01-16 - KennethLavrsen
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback