Skip to content

Commit

Permalink
Improved: Prevent URL parameters manipulation (OFBIZ-13147)
Browse files Browse the repository at this point in the history 
We need only 1 allowedToken

Conflict handled by hand
  • Loading branch information
@JacquesLeRoux
JacquesLeRoux committed Nov 20, 2024
1 parent b373743 commit 89cf6bd
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion framework/security/config/security.properties
View file
Original file line number Diff line number Diff line change
Expand Up @@ -279,7 +279,7 @@ deniedWebShellTokens=$SHA$OFBiz$c_93W08vqLMlJHjOZ7_A6Wcaenw,$SHA$OFBiz$SigPYIfwa
#-- SHA-1 versions of tokens containing (as String) at least one deniedWebShellTokens
#-- This is notably used to allow special values in query parameters.
#-- If you add a token beware that it does not content ",". It's the separator.
allowedTokens=$SHA$OFBiz$EP-l2t4A_60cRYYnEqEaSiDjfrs,$SHA$OFBiz$JG1RWjLnFzQOpNRUqllybbbfyOE
allowedTokens=$SHA$OFBiz$488OJhFI6NUQlvuqRVFHq6_KN8w

allowStringConcatenationInUploadedFiles=false

Expand Down

0 comments on commit 89cf6bd

Please sign in to comment.