Security fix: prevent cache poisoning with the Referer header.
See [security advisory](GHSA-g4c2-ghfg-g5rh).
mauritsvanrees committed Jan 21, 2022
1 parent b9f97cb commit fc793f8
Showing 2 changed files with 11 additions and 4 deletions.
@@ -46,15 +46,19 @@
<body>

<div id="content-core">
<tal:block define="referer request/HTTP_REFERER;
url_tool nocall:context/portal_url;
referer python:referer if referer and url_tool.isURLInPortal(referer) else '';">
<a href=""
tal:attributes="href request/HTTP_REFERER"
tal:condition="request/HTTP_REFERER"
tal:attributes="href referer"
tal:condition="referer"
><span i18n:translate="label_back_to_site">Back to site</span><br /><tal:block replace="structure context/tag" /></a>

<a href=""
tal:attributes="href context/portal_url"
tal:condition="not: request/HTTP_REFERER"
tal:attributes="href python:url_tool()"
tal:condition="not: referer"
><span i18n:translate="label_home">Home</span><br /><tal:block replace="structure context/tag" /></a>
</tal:block>
</div>

</body>
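Review bot: the third define, `referer python:referer if referer and url_tool.isURLInPortal(referer) else '';`, rebinds the name `referer` that the first define just took from `request/HTTP_REFERER`; TAL evaluates defines in order so this works, but the shadowing is easy to misread and a distinct name such as `safe_referer` would make it obvious that only the filtered value reaches `tal:attributes` and `tal:condition`. Filtering the attacker-controlled header through `url_tool.isURLInPortal` is the right kind of check, as it rejects anything outside the portal instead of merely testing for a non-empty value. One thing worth a comment in the template: the "Back to site" href still depends on whichever request populated the cache, so a cached copy may carry another visitor's in-portal referer; that is harmless after this change, but the reason it is harmless (the allowlist) should be stated next to the define.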
3 changes: 3 additions & 0 deletions news/1.bugfix
@@ -0,0 +1,3 @@
Security fix: prevent cache poisoning with the Referer header.
See `security advisory <https://github.com/plone/Products.ATContentTypes/security/advisories/GHSA-g4c2-ghfg-g5rh>`.
[maurits]
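Review bot: the reStructuredText link on the second line is missing its trailing underscore, so `` `security advisory <https://github.com/plone/Products.ATContentTypes/security/advisories/GHSA-g4c2-ghfg-g5rh>` `` renders as literal text rather than a hyperlink; it should read `` `security advisory <https://github.com/plone/Products.ATContentTypes/security/advisories/GHSA-g4c2-ghfg-g5rh>`_ ``.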
