Details
-
Bug
-
Resolution: Unresolved
-
Medium
-
None
-
4.2.0, 4.3, 4.4.0
-
Ibexa Open Source
Description
Currently there are no check done on the module and function names of security policies. Admin UI expects these to be limited to \w+ in route parameters.
There is no documentation the states these character limitations but looking at the source it seems to be the wanted behavior.