Fix: Blackholed request when POSTing to a URL with space
Eg:
Actual Posted URL: /admin/settings/settings/prefix/Access%20Control
$_GET value: /admin/settings/settings/prefix/Access_Control

Since $unsetUrl differs, the $_GET value will get copied into CakeRequest::$query, causing CakeRequest::here() to return:
/admin/settings/settings/prefix/Access%20Control?%2Fadmin%2Fsettings%2Fsettings%2Fprefix%2FAccess_Control=

This confuses SecurityComponent in the following line:
https://github.com/cakephp/cakephp/blob/f23d811ff59c50ef278e98bb75f4ec1e7e54a5b3/lib/Cake/Controller/Component/SecurityComponent.php#L514
Showing with 15 additions and 1 deletion.