View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 3217 | Composr | core | public | 2017-04-10 18:49 | 2017-07-08 01:01 |
| Reporter | Chris Graham | Assigned To | Chris Graham | ||
| Priority | normal | Severity | feature | ||
| Status | resolved | Resolution | fixed | ||
| Summary | 3217: ModSecurity URL-in-URL workaround | ||||
| Description | ModSecurity may whine if you pass a URL within a GET parameter. To resolve this we can update our get_param_string/post_param_string calls to be able to decode URLs from a special encoding, if the is-a-URL signal was passed to them. Or, we can make get_param_url and post_param_url. Then we need to encode it in any calls to build_url or form_input_hidden. A pain in the ass, but achievable. | ||||
| Tags | Risk: Core rearchitecting , Type: Cross-cutting feature | ||||
| Attach Tags | |||||
| Time estimation (hours) | 2 | ||||
| Sponsorship open | |||||
|
|
Update the tutorial when done, to reference that we have this workaround, and to report bugs if it fails. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2017-04-10 18:49 | Chris Graham | New Issue | |
| 2017-04-10 20:32 | Chris Graham | Note Added: 0004986 | |
| 2017-05-01 16:06 | Chris Graham | Tag Attached: Type: Cross-cutting feature | |
| 2017-05-01 16:06 | Chris Graham | Tag Attached: Risk: Core rearchitecting | |
| 2017-07-08 01:01 | Chris Graham | Status | Not Assigned => Resolved |
| 2017-07-08 01:01 | Chris Graham | Resolution | open => fixed |
| 2017-07-08 01:01 | Chris Graham | Assigned To | => Chris Graham |
