#5770 - Forms specifying a redirect in the action are blocked by CSP – Composr CMS: Your Data, Your Privacy, Your Control

This is a spacer post for a website comment topic. The content this topic relates to: #5770 - Forms specifying a redirect in the action are blocked by CSP

By Guest posted 19th May 2024, 4:43 PM

Automated message: This issue was created using the Report Issue Wizard on the Composr homesite.

By Guest posted 25th Jul 2024, 6:35 PM

protect_url_parameter is supposed to be used. Also modify the function comment for protect_url_parameter, _protect_url_parameter, and comment in global2.php against INPUT_FILTER_MODSECURITY_URL_PARAMETER, to also mention browser reflected-XSS filtering.

By Guest posted 5th Sep 2024, 2:20 PM

I added several missing protect_url_parameter but I cannot consider this issue resolved because top_login was not one of them from which this issue originates.

top_login gets login URL (+ redirect) from global3.php get_login_url but this is already using protect_url_parameter. So there is another bug somewhere.