#3217 - ModSecurity URL-in-URL workaround
-
By Chris Graham
- Added
- 0 views
| Identifier | #3217 |
|---|---|
| Issue type | Feature request or suggestion |
| Title | ModSecurity URL-in-URL workaround |
| Status | Completed |
| Tags |
Risk: Core rearchitecting (custom) Type: Cross-cutting feature (custom) |
| Handling member | Chris Graham |
| Addon | core |
| Description | ModSecurity may whine if you pass a URL within a GET parameter.
To resolve this we can update our get_param_string/post_param_string calls to be able to decode URLs from a special encoding, if the is-a-URL signal was passed to them. Or, we can make get_param_url and post_param_url. Then we need to encode it in any calls to build_url or form_input_hidden. A pain in the ass, but achievable. |
| Steps to reproduce | |
| Funded? | No |
The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".
Comments