Security Warning: The web.config file accepts a wildcard character: * when specifying the path, which could allow any page in the specified site collection to run code. With code blocks disabled, it is possible to bypass or work around permissions used on sites, lists and libraries.
The web.config file is generally located in the C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\CONFIG directory
1. Find the following tag in the web.config file:
<pageparserpaths>
........
</pageparserpaths>
2. Add a <pageparserpath> tag with path required attributes (see below)
<pageparserpath virtualpath="/_catalogs/masterpage/*"
compilationmode="Always" allowserversidescript="true"
includesubfolders="true">
The above line will allow any page in the masterpage library and sub-folders to run script or code. The web.config file should look like this:
<pageparserpaths></pageparserpaths><pageparserpath
virtualpath="/_catalogs/masterpage/*"
compilationmode="Always"
allowserversidescript="true"
includesubfolders="true">
Posts
No comments:
Post a Comment