2 files changed: +11 -4 lines changed
Products/ATContentTypes/skins/ATContentTypes
4646<body >
4747
4848<div id =" content-core" >
49+ <tal : block define =" referer request/HTTP_REFERER;
50+ url_tool nocall:context/portal_url;
51+ referer python:referer if referer and url_tool.isURLInPortal(referer) else '';" >
4952 <a href =" "
50- tal : attributes =" href request/HTTP_REFERER "
51- tal : condition =" request/HTTP_REFERER "
53+ tal : attributes =" href referer "
54+ tal : condition =" referer "
5255 ><span i18n : translate =" label_back_to_site" >Back to site</span ><br /><tal : block replace =" structure context/tag" /></a >
5356
5457 <a href =" "
55- tal : attributes =" href context/portal_url "
56- tal : condition =" not: request/HTTP_REFERER "
58+ tal : attributes =" href python:url_tool() "
59+ tal : condition =" not: referer "
5760 ><span i18n : translate =" label_home" >Home</span ><br /><tal : block replace =" structure context/tag" /></a >
61+ </tal : block >
5862</div >
5963
6064</body >
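Review bot: In the `define` on the new `tal:block`, `referer` is bound first to the raw `request/HTTP_REFERER` and then rebound to the filtered value, so the safety of the `href` below rests on the order of the define clauses and nothing in the template says why. Binding the raw header under a different name (for example `raw_referer`) and adding a short TAL comment that only URLs accepted by `url_tool.isURLInPortal` may reach the `href` would make the check harder to undo by accident. The rendered page still differs depending on whether an in-portal Referer was sent, so it is worth confirming how a cache in front of this view is expected to handle the two variants. The change touches only this template and the changelog entry; a test that renders the view with an external Referer and checks that the Home link is shown instead would pin the behaviour.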
1+ Security fix: prevent cache poisoning with the Referer header.
2+ See `security advisory <https://github.com/plone/Products.ATContentTypes/security/advisories/GHSA-g4c2-ghfg-g5rh>`.
3+ [maurits]
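Review bot: On the second added line, the advisory link is written as `security advisory <https://...>` inside single backticks with no trailing underscore, so if this changelog is rendered as reStructuredText it will come out as interpreted text rather than a hyperlink. Closing it with an underscore after the final backtick would make it an external link. The entry could also name the affected template or view, so that readers of the changelog can tell whether their customised skin copies need the same change.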