Fixed: Prevent URL parameters manipulation (OFBIZ-13147)
When using "requirement" in URI the "require" token in security.properties
blocks the URL. Actually we need "require(" not "require":
https://gist.github.com/khakimov/5130151
JacquesLeRoux committed Dec 13, 2024
1 parent faf6032 commit d7a0221
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion framework/security/config/security.properties
Expand Up @@ -243,7 +243,7 @@ deniedWebShellTokens=java.,beans,freemarker,<script,javascript,<body,body ,<form
%eval,@eval,eval(,runtime,import,passthru,shell_exec,assert,str_rot13,system,decode,include,page ,\
chmod,mkdir,fopen,fclose,new file,upload,getfilename,download,getoutputstring,readfile,iframe,object,embed,onload,build,\
python,perl ,/perl,ruby ,/ruby,process,function,class,InputStream,to_server,wget ,static,assign,webappPath,\
ifconfig,route,crontab,netstat,uname ,hostname,iptables,whoami,"cmd",*cmd|,+cmd|,=cmd|,localhost,thread,require,gzdeflate,\
ifconfig,route,crontab,netstat,uname ,hostname,iptables,whoami,"cmd",*cmd|,+cmd|,=cmd|,localhost,thread,require(,gzdeflate,\
execute,println,calc,touch,curl,base64, tcp ,4444,base32, tr , xxd ,bash, od ,|od ,printf,echo
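Review bot: Narrowing `require` to `require(` on the changed line of deniedWebShellTokens makes the token match only that exact character sequence, so the result now depends on how the input is normalised before comparison. Please confirm that case and whitespace are normalised first, and add a test showing that a URI containing "requirement" is accepted while input containing the `require(` call is still rejected. The reason for the trailing parenthesis is recorded only in the commit message, so a short comment above the property would keep a later edit from reverting it. Other bare-word tokens in the same list (`build`, `static`, `class`, `process`, `route`, `object`) can cause the same kind of false positive on ordinary words and are worth a follow-up review.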

