Details
Improvement
Resolution: Fixed
High
eZ Publish 4.7 (eZ Demo) + eZ Comments 1.4
Description
The eZ Comments extension includes a full URL in the "RedirectURI" parameter of the generated POST requests, e.g.:
/fre/comment/add|ContentObjectID=5060&CommentLanguageCode=fre-FR&RedirectURI=http://www-pp.dircomaxafrance.intraxa/fre/TEST-FLM#lastcomment&CommentParentCommentID=0&CommentName=&CommentEmail=&CommentContent=&CommentRememberme=1&AddCommentButton=Ajouter+un+commentaireurl'
The "RedirectURI" parameter should not include the full URL (including http://www-pp.dircomaxafrance.intraxa), only the relative URI. As it is, comments can be blocked by tight security rules, even though this poses no security risks.
Steps to Reproduce
1. Install eZ Publish eZ Demo, which already includes eZ Comments 1.4;
2. Open Firebug;
3. Create a new comment on an existing blog post;
4. Firebug (Firebug->Net->All->Post->Source) will list the following:
/fre/comment/add|ContentObjectID=5060&CommentLanguageCode=fre-FR&RedirectURI=http://www-pp.dircomaxafrance.intraxa/fre/TEST-FLM#lastcomment&CommentParentCommentID=0&CommentName=&CommentEmail=&CommentContent=&CommentRememberme=1&AddCommentButton=Ajouter+un+commentaireurl'
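
An added example, not code from eZ Comments or from the original report: a Python check that pulls "RedirectURI" out of a form body like the one above, tests whether it is site-relative, and produces the relative form the report asks for. The function names are hypothetical, and the sample body is the one from the report shortened to its first four fields.

```python
from urllib.parse import parse_qs, urlsplit

# Body as shown in the report, shortened to the first four fields.
SAMPLE_BODY = (
    "ContentObjectID=5060&CommentLanguageCode=fre-FR"
    "&RedirectURI=http://www-pp.dircomaxafrance.intraxa/fre/TEST-FLM#lastcomment"
    "&CommentParentCommentID=0"
)


def is_site_relative(uri):
    """True when uri has no scheme or host and starts with exactly one '/'."""
    if not uri.startswith("/") or uri.startswith("//") or "\\" in uri:
        return False
    parts = urlsplit(uri)
    return not parts.scheme and not parts.netloc


def to_relative(uri):
    """Drop scheme and host, keeping path, query string and fragment."""
    parts = urlsplit(uri)
    # Collapse leading slashes so the result can never read as //host/path.
    relative = "/" + parts.path.lstrip("/")
    if parts.query:
        relative += "?" + parts.query
    if parts.fragment:
        relative += "#" + parts.fragment
    return relative


def redirect_field(body, name="RedirectURI"):
    """Return the first value of the redirect field in a form-encoded body."""
    values = parse_qs(body, keep_blank_values=True).get(name, [])
    return values[0] if values else None


def check_body(body):
    """Report what the form sends and what it would send once made relative."""
    sent = redirect_field(body)
    if sent is None:
        return {"sent": None, "relative": None, "ok": False}
    return {"sent": sent, "relative": to_relative(sent),
            "ok": is_site_relative(sent)}


if __name__ == "__main__":
    print(check_body(SAMPLE_BODY))
```

A server-side handler can apply the same `is_site_relative` test before redirecting, so the value is safe to follow regardless of what the form sent.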