More in this section

Forums / General Discussions / SF stripping second = from URL parameter

SF stripping second = from URL parameter

2 posts, 0 answered
  1. Bryan
    Bryan avatar
    14 posts
    20 Aug 2008
    19 Aug 2010
    Link to this post
    We have a custom login module that we use with our SiteFinity installations. We are running into a redirect URL problem post authentication. From a 3rd party application a user is routed to the login page within SF. The URL looks like this:

    Whats tricky about this URL is that there is a query string parameter inside another query string parameter. If we run this login control outside of SF we are able to read the rpath query parameter as:

    However with the login module inside a SF page everything after the second "=" gets stripped off, so when we do a request.querystring("rpath") we only get:

    Its missing the =9, which breaks the redirect. Is there a way to tell SF to not strip this off? I assume this is a security issue similar to adding javascript to general content controls? Is there a web.config setting we can make to tell SF to not alter URL strings as there is for adding javascript to general content controls? Or some other setting(s)?

  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    12 Sep 2017
    19 Aug 2010
    Link to this post
    Hello Bryan,

    Sitefinity uses standard ASP.NET Login control and we are not making explicitly escaping of any QueryStrings or altering the URLs. You can create a test IHttpModule and inside BeginRequest you can see the url that comes to Sitefinity.

    All the best,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
2 posts, 0 answered