Unvalidated Redirect Case09 use configured host#8
Conversation
kingthorin
force-pushed
the
redir-case09-fix
branch
5 times, most recently
from
d9151a8 to
5814ffc
Compare
|
I'm not sure why it's showing end of file changes. I think it's a GitHub UI issue. Copilot claims it's just line number changes and there's no actual content change..... 🤷♂️ (If you Hide Whitespace then they're ignored.) |
|
Has conflicts |
kingthorin
force-pushed
the
redir-case09-fix
branch
from
5814ffc to
9b88a4d
Compare
|
Hopefully that's better |
|
The conflict was addressed but no other comments. |
|
The formatting/alignment was adjusted, and the commented code removed and explanation comment revised. |
|
Ugh, broken with a reset along the way.....fix coming |
|
I'm leaving it conflicting for the time being until leading white space is actually addressed, #10 didn't get it all. |
|
I'm not planning on making any more whitespace changes for now. But I have some other changes needed for #11 ... |
|
So should I be using just spaces for changed lines or should I be maintaining whatever weird mix? |
|
Ideally spaces at the start of all lines, although if its one of the files that wasnt changed then whatever looks good? |
kingthorin
force-pushed
the
redir-case09-fix
branch
from
8bfe161 to
db9e265
Compare
|
Okay, hopefully this works for now and can get in before the next conflict 😀 |
kingthorin
force-pushed
the
redir-case09-fix
branch
from
db9e265 to
93d2e8b
Compare
kingthorin
force-pushed
the
redir-case09-fix
branch
from
93d2e8b to
e40fe20
Compare
|
Hopefully got both those. |
kingthorin
force-pushed
the
redir-case09-fix
branch
5 times, most recently
from
6075c8c to
4b11b28
Compare
kingthorin
force-pushed
the
redir-case09-fix
branch
4 times, most recently
from
afce8ad to
7f27c87
Compare
|
lgtm but the changelog could be updated. |
Signed-off-by: kingthorin <kingthorin@users.noreply.github.com> # Conflicts: # CHANGELOG.md
kingthorin
force-pushed
the
redir-case09-fix
branch
from
7f27c87 to
22730c4
Compare
|
CHANGELOG updated. |
|
Thank you! |
3 participants
Unvalidated-Redirect/Redirect-FalsePositives-GET/Case09... now uses the first configured host name (identified via JMX) instead of the requested host name (which would have been from a manipulated Host header).
I've changed the code only for that specific case as I wasn't sure of the impact(s) elsewhere in wavsep.