fix #697 - Email HTML - request URL path segment contains illegal characters

jrivard · jrivard · commit d415327e176d · 2023-12-12T10:19:21.000-05:00
diff --git a/server/src/main/resources/password/pwm/AppProperty.properties b/server/src/main/resources/password/pwm/AppProperty.properties
@@ -307,7 +307,7 @@ security.http.stripHeaderRegex=\\n|\\r|(?ism)%0A|%0D
 security.http.performCsrfHeaderChecks=false
 security.http.promiscuousEnable=false
 security.http.permittedUserPhotoMimeTypes=image/gif,image/png,image/jpeg
-security.http.permittedUrlPathCharacters=^[a-zA-Z0-9-_]*$
+security.http.permittedUrlPathCharacters=^[a-zA-Z0-9-_=\\s]*$
 security.http.config.cspHeader=default-src 'self'; object-src 'none'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; report-uri @PwmContextPath@/public/command/cspReport
 security.httpsServer.selfCert.futureSeconds=63113904
 security.httpsServer.selfCert.alg=RSA
