MantisBT - Piwigo
View Issue Details
0002280Piwigosecuritypublic2011.04.26 13:252011.05.31 22:34
stim 
plg 
highminoralways
closedfixed 
2.2.1 
2.2.22.2.2 
any
Apache 1.3.x
0002280: Input of language on profile pages is not verified
By manipulation of the profile form it is possible to insert bogus values for the language field into the database.

Instead, the disered behaviour would be to reject or ignore the incorrect input.
Open edit profile page.
Change the language field to a text-type input.
Change to anything you like.
This will be updated in the database.
No tags attached.
Issue History
2011.04.26 13:25stimNew Issue
2011.04.26 13:25stimbrowser => any
2011.04.26 13:25stimWeb server => Apache 1.3.x
2011.04.26 13:35stimNote Added: 0005054
2011.04.26 13:49stimNote Added: 0005056
2011.04.27 15:32plgAssigned To => plg
2011.04.27 15:32plgStatusnew => assigned
2011.04.27 15:32plgTarget Version => 2.2.2
2011.05.31 22:32svnCheckin
2011.05.31 22:32svnNote Added: 0005168
2011.05.31 22:32svnCheckin
2011.05.31 22:32svnNote Added: 0005169
2011.05.31 22:34plgPrioritynormal => high
2011.05.31 22:34plgStatusassigned => closed
2011.05.31 22:34plgResolutionopen => fixed
2011.05.31 22:34plgFixed in Version => 2.2.2

Notes
(0005054)
stim   
2011.04.26 13:35   
Particularly nasty because of a bug in AMM see 0002281
(0005056)
stim   
2011.04.26 13:49   
Same holds for theme selection.
Maybe all drop down boxes are vulnerable?
(0005168)
svn   
2011.05.31 22:32   
[Subversion] r11157 by plg on branch 2.2

-----[Subversion commit log]----------------------------------------------------
bug 2280 fixed: check language and theme values before updating database. The
posted value must match an expected value, this is not a free texfield.
(0005169)
svn   
2011.05.31 22:32   
[Subversion] r11159 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r11157 from branch 2.2 to trunk

bug 2280 fixed: check language and theme values before updating database. The
posted value must match an expected value, this is not a free texfield.