In-Portal Issue Tracker - In-Portal CMS
|
|||||
Viewing Issue Advanced Details | |||||
|
|||||
ID: | Category: | Type: | Reproducibility: | Date Submitted: | Last Update: |
332 | [In-Portal CMS] Security | bug report | always | 2009-09-28 09:25 | 2010-01-11 22:05 |
|
|||||
Reporter: | alex | Platform: | |||
Assigned To: | alex | OS: | |||
Priority: | normal | OS Version: | |||
Status: | closed | Product Version: | 5.0.1 | ||
Product Build: | Resolution: | fixed | |||
ETA: | none | Fixed in Version: | 5.0.2 | ||
Reference: | |||||
Change Log Message: | |||||
Estimate Points: | 0 | ||||
|
|||||
Summary: | 0000332: Some of new .htaccess protection rules actually gives Forbidden error on Apache 1.3 | ||||
Description: |
Some of new .htaccess protection rules actually gives Forbidden error on Apache 1.3. For example on this url /admin/index.php?env=-popups/editor:m0--1--s-2:form-1---t2&TargetField=form[1][Description] Rule RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] Reacts on that url "script" part not even searching for "<" or ">" and makes it Forbidden. That particular url is used to open FCKEditor on Description field during form editing. |
||||
Steps To Reproduce: | |||||
Additional Information: | |||||
Relationships | |||||
Attached Files: | |||||
|
|||||
Issue History | |||||
Date Modified | Username | Field | Change | ||
2010-01-11 22:05 | Dmitry | Note Added: 0001404 | |||
2010-01-11 22:05 | Dmitry | Status | resolved => closed | ||
2009-09-28 14:22 | alex | Fixed in Version | => 5.0.2 | ||
2009-09-28 14:22 | alex | Note Added: 0000575 | |||
2009-09-28 14:22 | alex | Status | needs feedback => resolved | ||
2009-09-28 14:22 | alex | Resolution | open => fixed | ||
2009-09-28 14:22 | alex | Changeset attached | 5.0.x r12628 | ||
2009-09-28 11:17 | Dmitry | Note Added: 0000571 | |||
2009-09-28 11:17 | Dmitry | Assigned To | Dmitry => alex | ||
2009-09-28 11:17 | Dmitry | Status | needs work => needs feedback | ||
2009-09-28 11:17 | Dmitry | Status | needs feedback => needs work | ||
2009-09-28 09:27 | alex | Note Added: 0000570 | |||
2009-09-28 09:27 | alex | Assigned To | => Dmitry | ||
2009-09-28 09:27 | alex | Status | active => needs feedback | ||
2009-09-28 09:25 | alex | Target Version | => 5.0.2 | ||
2009-09-28 09:25 | alex | New Issue | |||
2009-09-28 09:25 | alex | Patch Status | => Not Used |
Notes | |||||
|
|||||
|
|
||||
|
|||||
|
|
||||
|
|||||
|
|
||||
|
|||||
|
|