Url redirecting to domain base url and not accepting dot

Get help using, installing and / or configuring The Bug Genie here
Post Reply
reserveld
Posts: 3
Joined: Wed May 10, 2017 10:40 am

Url redirecting to domain base url and not accepting dot

Post by reserveld » Wed May 10, 2017 12:46 pm

Hi

When we are refreshing the pages like this

http://domain.com/tracks/public/project ... 1464790393

It is redirecting to base home page to http://domain.com.

We found out that when we remove this &sortfields=issues.last_updated%3Ddesc from querystring it works fine. It seems that querystring is not accepting the dot. Can please someone help me to resolve this issue.

Thank You

reserveld
Posts: 3
Joined: Wed May 10, 2017 10:40 am

Re: Url redirecting to domain base url and not accepting dot

Post by reserveld » Thu May 11, 2017 10:50 am

Ok, we found the base issue is with "="(equals) sign in value, like below

?fs[project_id][o]==&fs[project_id][v]=3&fs[issuetype][o]==&fs[issuetype][v]=2,3&filters_issuetype_value_2=2&filters_issuetype_value_3=3&fs[status][o]==&fs[status][v]=closed&filters_status_value_closed=closed&fs[category][o]==&fs[category][v]=&sortfields=issues.last_updated~desc&fs[text][o]==&fs[text][v]=&scs_current_template=&template=results_normal&template_parameter=&grouporder=desc&groupby=issuetype&issues_per_page=50&fs[last_updated][o]=>=&fs[last_updated][v]=1475326677&filters_last_updated_operator_after=>=

Can someone please help me to get this resolved.

Thank You

User avatar
zegenie
Site Admin
Posts: 42
Joined: Sun Jan 31, 2016 8:20 pm

Re: Url redirecting to domain base url and not accepting dot

Post by zegenie » Thu May 11, 2017 12:53 pm

What web server are you running this on?

reserveld
Posts: 3
Joined: Wed May 10, 2017 10:40 am

Re: Url redirecting to domain base url and not accepting dot

Post by reserveld » Mon May 15, 2017 3:10 pm

I finally resolve the issue. I was using CentOS and this needs to taken in care in code also.

You are using equals sign which is disabled by mysql attack based on injections in query string. So the only solution was to disable that module to make this work.

Please remove these querystring in future release, so that we can make server more secure.

Thank You

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests