From 89cf6bd5e4f17b7ddd1512086aa58fbf17f3f763 Mon Sep 17 00:00:00 2001
From: Jacques Le Roux
Date: Wed, 20 Nov 2024 12:07:45 +0100
Subject: [PATCH] Improved: Prevent URL parameters manipulation (OFBIZ-13147)
We need only 1 allowedToken Conflict handled by hand
---
 framework/security/config/security.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework/security/config/security.properties b/framework/security/config/security.properties
index b939a5667e..481cd17678 100644
--- a/framework/security/config/security.properties
+++ b/framework/security/config/security.properties
@@ -279,7 +279,7 @@ deniedWebShellTokens=$SHA$OFBiz$c_93W08vqLMlJHjOZ7_A6Wcaenw,$SHA$OFBiz$SigPYIfwa
 #-- SHA-1 versions of tokens containing (as String) at least one deniedWebShellTokens
 #-- This is notably used to allow special values in query parameters.
 #-- If you add a token beware that it does not content ",". It's the separator.
-allowedTokens=$SHA$OFBiz$EP-l2t4A_60cRYYnEqEaSiDjfrs,$SHA$OFBiz$JG1RWjLnFzQOpNRUqllybbbfyOE
+allowedTokens=$SHA$OFBiz$488OJhFI6NUQlvuqRVFHq6_KN8w
 allowStringConcatenationInUploadedFiles=false
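Review bot: The new `allowedTokens` value is an opaque hash with nothing beside it saying which query-parameter value it exempts from the `deniedWebShellTokens` check or how the hash was produced, so a reviewer cannot confirm that this single entry is the intended one and no broader than needed. Since every entry on this line is an exception to the web-shell token filter, I would add a comment directly above it such as `#-- <hash>: allows <exempted value and the request that needs it>; generated with <tool or command used>` (placeholders for the author to fill in). Both previous hashes are dropped rather than one of them being kept, so presumably any request that relied on them is now rejected; given the "Conflict handled by hand" remark in the commit message, that is worth confirming against the branch this was ported from. The context line above also reads "does not content" where "does not contain" is meant.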