Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-2130

XMLUI allows access to theme XSL files

    Details

    • Attachments:
      0
    • Comments:
      0
    • Documentation Status:
      Not Required

      Description

      This is probably a longstanding issue, and is probably due to the nature of how Cocoon works, but there should be something we can do to disallow URLs such as this one:

      http://demo.dspace.org/xmlui/themes/Mirage/sitemap.xmap

      That URL should not work. It's my understanding that at least one DSpace vendor has developed a workaround for this issue, so I am logging this now, with the hopes that they (or others) will contribute the fix for the next version of DSpace.

      Most DSpace users make all of our code, including our theme code, available for free in GitHub. So the impact of this bug is diminished. However, for organizations who make it their business to sell theme code, or solutions centered around theme code, this bug will have an impact on their business. DSpace aspires to be business-friendly. We should fix this.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                tdonohue Tim Donohue
                Reporter:
                hardyoyo Hardy Pottinger
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: