[Mono-bugs] [Bug 76013][Nor] Changed - [PATCH] Keys from Cookie and
from URL in HTTP Get Request are merged
bugzilla-daemon at bugzilla.ximian.com
Fri Sep 9 15:21:44 EDT 2005
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by kornelpal at hotmail.com.
http://bugzilla.ximian.com/show_bug.cgi?id=76013
--- shadow/76013 2005-09-09 04:02:39.000000000 -0400
+++ shadow/76013.tmp.11431 2005-09-09 15:21:44.000000000 -0400
@@ -11,13 +11,13 @@
AssignedTo: toshok at ximian.com
ReportedBy: matthiasf at voelcker.com
QAContact: mono-bugs at ximian.com
TargetMilestone: ---
URL:
Cc:
-Summary: Keys from Cookie and from URL in HTTP Get Request are merged
+Summary: [PATCH] Keys from Cookie and from URL in HTTP Get Request are merged
Attached is a TestCase which can easily be run with xsp.
Just access the "WebForm1.aspx" which creates the cookie and then click the
link.
Steps to reproduce the problem:
@@ -98,6 +98,17 @@
convenience so that the last username and preferred language is
stored.We just changed the keys in the cookie to achieve compliant
behavior...
Looking forward to patch though, thanks :-)
+
+------- Additional Comments From kornelpal at hotmail.com 2005-09-09 15:21 -------
+The patch is in http://lists.ximian.com/pipermail/mono-devel-
+list/2005-September/014597.html.
+
+Someone please approve it.
+
+If you need the value from the query string (in URL), use
+Request.QueryString["User"]. Then you will get no Cookie values.
+Using the mixture of all the different kinds of parameters may lead
+to a security hole in your application.
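Review bot: the patch link in the added comment is split across two lines ("mono-devel-" at the end of one line, "list/2005-September/014597.html" on the next), so it cannot be followed or copied as a single URL; it should be kept on one line. The closing advice names Request.QueryString["User"] as the safe lookup but does not say which mixed lookup it replaces; naming that call in the comment would tell readers exactly what to search for in their own code.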