You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What steps will reproduce the problem?
1. get a random session token from PWM
2. follow the redirect to validate your client
3. the session token after the redirect will be filtered if it contains the
string "href"
What version of PWM are you using?
trunk
Please paste any error log messages below:
The session validation token contains the keyword “href” which is
considered malicious by the input validator, therefore the input is discarded
before the session validator can process it and the user ends in a redirect
loop.
2015-03-06 07:55:39, WARN , pwm.Validator, removing potentially malicious
string values from input, converting
'vUzSjfRR2RNB2tHReFJnzKhmwNJw25nt14bedde39f2' newValue='
pattern='(?s)(?i).href.'
Original issue reported on code.google.com by [email protected] on 24 Jun 2015 at 1:11
The text was updated successfully, but these errors were encountered:
Original issue reported on code.google.com by
[email protected]on 24 Jun 2015 at 1:11The text was updated successfully, but these errors were encountered: