I'm using sitecore 5.3 and need to be able to remove the extra query string parameters that sitecore inserts (item=%2faeuaoeu&user=extranet\Anonymous&site=thl) when redirecting to the 404 page specified in ItemNotFoundUrl.
In Sitecore 6 I can set
<setting name="RequestErrors.UseServerSideRedirect" value="true"/>
and it works but that setting doesn't exist in sitecore 5.3
I need it so I can fix this asp.net vulnerability
Edit: Sitecore's official response has been described in this article
Besides item not found, there is also layout not found page with the same behavior.
You will need to create a custom version of Sitecore.Pipelines.HttpRequest.ExecuteRequest processor where you will be able to call custom version of the following methods:
private void HandleItemNotFound(HttpRequestArgs args)
private void HandleLayoutNotFound(HttpRequestArgs args)
Within these methods, you won't be attaching any query strings:
// old code:
WebUtil.Redirect(WebUtil.AddQueryString(itemNotFoundUrl, new string[] { "item", localPath, "user", userName, "site", str4 }), false);
}
//new code:
WebUtil.Redirect(itemNotFoundUrl, false);
I would recommend contacting official Sitecore tech support for a solution though.