I've just come accross a slight issue off the back of some Pen testing one out clients has had conducted on a site we've developed.
It seems that you can get umbraco to almost bypass the content management and serve the template by simply putting the template name at the end of the domain.
i.e www.somewebsite.com/<templatename>
In the situation of our site, we have a template called standardpage but no content page/node by that name. I would have expected it to return a 404, but it doesnt the template is returned.
Is this a bug, have i missed some configuration or is it intended?
Umbraco Serving templates on frontend
I've just come accross a slight issue off the back of some Pen testing one out clients has had conducted on a site we've developed.
It seems that you can get umbraco to almost bypass the content management and serve the template by simply putting the template name at the end of the domain.
i.e www.somewebsite.com/<templatename>
In the situation of our site, we have a template called standardpage but no content page/node by that name. I would have expected it to return a 404, but it doesnt the template is returned.
Is this a bug, have i missed some configuration or is it intended?
If the later why is this so?
And is there any way round this.
Altering the 404handlers config file doesnt seem to make any difference
Actually, that's a feature, called Alternative Templates
Here's a good explation of what it is:
http://www.nibble.be/?p=42
I don't know if you can turn it off though...
is working on a reply...