- set an internal flag if tempurl middleware validates a request using a container key
- check this flag in the slo/dlo middleware, and if set ensure access is only granted to segments within the same container like the original request
Any other ideas? Does that make sense? I can attach a patch tomorrow if this makes sense to anyone.
Tested, and I can confirm this bug.
A possible bugfix might be something like this:
- set an internal flag if tempurl middleware validates a request using a container key
- check this flag in the slo/dlo middleware, and if set ensure access is only granted to segments within the same container like the original request
Any other ideas? Does that make sense? I can attach a patch tomorrow if this makes sense to anyone.