In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!

Dependency Graph View Issue ] Relation Graph ] Vertical ]
related to child of duplicate of

Viewing Issue Simple Details
ID Category Type Reproducibility Date Submitted Last Update
0000332 [In-Portal CMS] Security bug report always 2009-09-28 09:25 2010-01-11 22:05
Reporter alex View Status public  
Assigned To alex
Priority normal Resolution fixed  
Status closed      
Summary 0000332: Some of new .htaccess protection rules actually gives Forbidden error on Apache 1.3
Description Some of new .htaccess protection rules actually gives Forbidden error on Apache 1.3. For example on this url

/admin/index.php?env=-popups/editor:m0--1--s-2:form-1---t2&TargetField=form[1][Description]

Rule

RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

Reacts on that url "script" part not even searching for "<" or ">" and makes it Forbidden. That particular url is used to open FCKEditor on Description field during form editing.
Additional Information



Web Development by Intechnic
In-Portal Open Source CMS
In-Portal Open Source CMS
Copyright © 2000 - 2009 MantisBT Group

Powered by Mantis Bugtracker