Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
[Resolved] doubled slash in url before /textpattern
Hello,
I just noticed a little detail, don’t know if it is of any importance.
To get into the admin’s section I can enter the site url both with: http://sitename.de/textpattern and with http://sitename.de//textpattern
Usually I’d guess the second url was wrong and should provoke a 404-Error (or redirect to the start page).
Instead of this, textpattern asks me a new authentification (I tried this more times: everytime when I change between /textpattern and //textpattern, I always have to login another time)
This possibility seems strange to me, specially when I watch the tentatives of various spammers to get into my blog using “//blog” or kind of that. Couldn’t this be a possible security issue? Or is it just part of a flexible rewrite-management?
thanks
Goncourt
Last edited by goncourt (2008-08-02 09:28:59)
Offline
Re: [Resolved] doubled slash in url before /textpattern
It’s a “stannard behaviour”: You can with almost all browsers [and server+code/system that they use (coz it depends on both)] type multiple slashes and it requests the correct page.
But why then txp asks new cookie? ‘Cause the requested page is different, and the cookie is for the different path, for that which was used upon the existing login.
And this “bug report” is quite “WTF”. It’s just a slash, nothing more. Same as calling Google and saing “hey, this is a bug, i can enter your site by using multiple slashes, omg!!!?!!! FIX it, it must be security hole!!!!” :D And anyway, where is the security issue or hole? It asks new login, didn’t you notice. ;)
Last edited by Gocom (2008-08-02 08:12:48)
Offline
Re: [Resolved] doubled slash in url before /textpattern
There wasn’t any “omg” in my post ;) Thanks for your answer.
Last edited by goncourt (2008-08-02 08:46:31)
Offline