This repository has been archived by the owner on May 24, 2018. It is now read-only.
Missing warning for wildcard routes in zend.mvc.routing.rst #1320
Comments
|
We already suggest that |
|
@Ocramius |
|
@Freeaqingme yes, they should both be avoided, as misuse typically leads to security issues (people using route guards) |
|
@Ocramius |
malukenho
pushed a commit
to malukenho/zf2-documentation
that referenced
this issue
Oct 15, 2014
…and for query route type
malukenho
pushed a commit
to malukenho/zf2-documentation
that referenced
this issue
Oct 15, 2014
…and for query route type
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
During a pentest I encountered some routing configuration that used Zend\Mvc\Router\Http\Wildcard as a type. This allowed me to change routing parameters, like the controller. This is a potential security issue, but I can't find a warning for this in the routing documentation. Please add this warning, telling users that using the wildcard type is a potential security issue.
The text was updated successfully, but these errors were encountered: