I'm using Sitecore 5.3 and need to be able to remove the extra query string parameters that Sitecore inserts (item=%2faeuaoeu&user=extranet\Anonymous&site=thl) when redirecting to the 404 page specified in ItemNotFoundUrl.

In Sitecore 6 I can set

<setting name="RequestErrors.UseServerSideRedirect" value="true"/>

and it works, but that setting doesn't exist in Sitecore 5.3.

I need it so I can fix this ASP.NET vulnerability.

Edit: Sitecore's official response has been described in this article

+1  A: 

Besides item not found, there is also a layout not found page with the same behavior.

You will need to create a custom version of the Sitecore.Pipelines.HttpRequest.ExecuteRequest processor, where you will be able to call custom versions of the following methods:

private void HandleItemNotFound(HttpRequestArgs args)
private void HandleLayoutNotFound(HttpRequestArgs args)

Within these methods, you won't be attaching any query strings:

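// old code: appends the item, user and site parameters to the redirect URL
WebUtil.Redirect(WebUtil.AddQueryString(itemNotFoundUrl, new string[] { "item", localPath, "user", userName, "site", str4 }), false);

// new code: redirects to the configured URL with no query string
WebUtil.Redirect(itemNotFoundUrl, false);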

I would recommend contacting official Sitecore tech support for a solution though.

Alex Shyba
Please check the official solution from Sitecore here: http://sdn.sitecore.net/Articles/Security/ASP,-d-,NET%20Vulnerability%202416728.aspx
Alex Shyba
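
One way to confirm the change described in the answer took effect, as an added example that is not part of the original answer or of Sitecore's code: it parses a captured redirect response and reports which of the item, user and site parameters still reach the not-found page. The path /404.aspx, the host example.test and both sample responses are constructed assumptions; substitute your own ItemNotFoundUrl value.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameters Sitecore appends to the not-found redirect, per the question above.
LEAKED_PARAMS = {"item", "user", "site"}

# Constructed sample responses; /404.aspx is an assumed ItemNotFoundUrl value.
BEFORE = ("HTTP/1.1 302 Found\r\n"
          "Location: /404.aspx?item=%2faeuaoeu&user=extranet\\Anonymous&site=thl\r\n\r\n")
AFTER = "HTTP/1.1 302 Found\r\nLocation: /404.aspx\r\n\r\n"


def leaked_redirect_params(raw_response, not_found_path):
    """Return the sorted Sitecore parameter names present in a redirect
    to not_found_path.

    raw_response holds the status line and headers of one HTTP response.
    An empty list means the response is not a redirect, redirects somewhere
    else, or redirects to the not-found page without those parameters.
    """
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    parts = lines[0].split()
    if len(parts) < 2 or not parts[1].isdigit() or not 300 <= int(parts[1]) < 400:
        return []

    location = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":  # header names are case-insensitive
            location = value.strip()
            break
    if location is None:
        return []

    target = urlsplit(location)  # handles absolute and relative Location values
    if target.path.lower() != not_found_path.lower():
        return []
    names = {k.lower() for k, _ in parse_qsl(target.query, keep_blank_values=True)}
    return sorted(names & LEAKED_PARAMS)


if __name__ == "__main__":
    print("before:", leaked_redirect_params(BEFORE, "/404.aspx"))
    print("after: ", leaked_redirect_params(AFTER, "/404.aspx"))
```

Run the same check against a request that triggers the layout not found page, since the answer notes it has the same behavior.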