search

google-code-export / django-page-cms

Automatically exported from code.google.com/p/django-page-cms
BSD 3-Clause "New" or "Revised" License
0 stars 0 forks source link

Same page is accessible by different urls #202

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Create a page, say /slug/
2. View it at /slug/
3. View it at /a/b/c///e/f/slug/

What is the expected output? What do you see instead?
Expect to view 404. Instead of that - 200.

Using master release of cms.

Surely, a user cannot point to the page from anywhere having gibberish 
character before the real url, but I don't think that's right. That's a bug to 
me.

Original issue reported on code.google.com by tezro...@gmail.com on 18 Jun 2010 at 11:00

GoogleCodeExporter commented 9 years ago 
That's true that no further check is done if the slug match. It would be very 
easy to add and raise a 404.

A user would be always allowed to add gibberish to any URL:

http://www.bbc.co.uk/?hello=gibberish

Is that really important?

Original comment by batiste....@gmail.com on 18 Jun 2010 at 12:56

GoogleCodeExporter commented 9 years ago 
Hmm, I'm not really sure how important that is... But, there's 
http://news.bbc.co.uk/sport/ but no http://news.bbc.co.uk/a/b/c/sport/ :) Get 
it? I' mean shouldn't be the full url of a page unique across the requested 
address?

Original comment by tezro...@gmail.com on 18 Jun 2010 at 6:09