BUG – Tilde not allowed in IIS / PCI Compliance
-
Hi,
Tilde is not allowed in URLs served from IIS as it causes a PCI scan failure. I know it was changed from : to ~ in an earlier version, but now ~ not allowed.
https://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf
Therefore, I needed to change \all-in-one-event-calendar\lib\routing\uri.php LINE 18 to use ^ instead of ~
const DIRECTION_SEPARATOR = '^';Is there a way this can be part of the Advanced Settings where we have a choice of the separator so that when I update, my change isn’t lost?
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
- The topic ‘BUG – Tilde not allowed in IIS / PCI Compliance’ is closed to new replies.
