This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release18.12 by this push:
new 59e79c6f39 Improved: Prevent URL parameters manipulation (OFBIZ-13147)
59e79c6f39 is described below
commit 59e79c6f39beb031cf2b476215b0701745725a64
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Wed Nov 20 12:07:45 2024 +0100
Improved: Prevent URL parameters manipulation (OFBIZ-13147)
We need only 1 allowedToken
Conflict handled by hand
---
framework/security/config/security.properties | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework/security/config/security.properties
b/framework/security/config/security.properties
index 504d8013bf..65ad284b38 100644
--- a/framework/security/config/security.properties
+++ b/framework/security/config/security.properties
@@ -241,7 +241,7 @@
deniedWebShellTokens=$SHA$OFBiz$c_93W08vqLMlJHjOZ7_A6Wcaenw,$SHA$OFBiz$SigPYIfwa
#-- SHA-1 versions of tokens containing (as String) at least one
deniedWebShellTokens
#-- This is notably used to allow special values in query parameters.
#-- If you add a token beware that it does not content ",". It's the separator.
-allowedTokens=$SHA$OFBiz$EP-l2t4A_60cRYYnEqEaSiDjfrs,$SHA$OFBiz$JG1RWjLnFzQOpNRUqllybbbfyOE
+allowedTokens=$SHA$OFBiz$488OJhFI6NUQlvuqRVFHq6_KN8w
allowStringConcatenationInUploadedFiles=false
