Page 1 of 1

Url redirecting to domain base url and not accepting dot

Posted: Wed May 10, 2017 12:46 pm
by reserveld
Hi

When we are refreshing the pages like this

http://domain.com/tracks/public/project ... 1464790393

It is redirecting to base home page to http://domain.com.

We found out that when we remove this &sortfields=issues.last_updated%3Ddesc from querystring it works fine. It seems that querystring is not accepting the dot. Can please someone help me to resolve this issue.

Thank You

Re: Url redirecting to domain base url and not accepting dot

Posted: Thu May 11, 2017 10:50 am
by reserveld
Ok, we found the base issue is with "="(equals) sign in value, like below

?fs[project_id][o]==&fs[project_id][v]=3&fs[issuetype][o]==&fs[issuetype][v]=2,3&filters_issuetype_value_2=2&filters_issuetype_value_3=3&fs[status][o]==&fs[status][v]=closed&filters_status_value_closed=closed&fs[category][o]==&fs[category][v]=&sortfields=issues.last_updated~desc&fs[text][o]==&fs[text][v]=&scs_current_template=&template=results_normal&template_parameter=&grouporder=desc&groupby=issuetype&issues_per_page=50&fs[last_updated][o]=>=&fs[last_updated][v]=1475326677&filters_last_updated_operator_after=>=

Can someone please help me to get this resolved.

Thank You

Re: Url redirecting to domain base url and not accepting dot

Posted: Thu May 11, 2017 12:53 pm
by zegenie
What web server are you running this on?

Re: Url redirecting to domain base url and not accepting dot

Posted: Mon May 15, 2017 3:10 pm
by reserveld
I finally resolve the issue. I was using CentOS and this needs to taken in care in code also.

You are using equals sign which is disabled by mysql attack based on injections in query string. So the only solution was to disable that module to make this work.

Please remove these querystring in future release, so that we can make server more secure.

Thank You