Piwigo Bugtracker

ID: 0002750
Category: [Piwigo] security
Severity: minor
Reproducibility: always
Date Submitted: 2012.09.18 14:06
Last Update: 2012.09.18 14:15
Reporter: plg
View Status: public
Assigned To: plg
Priority: normal
Resolution: fixed
Platform:
Status: closed
OS:
Projection: none
OS Version:
ETA: none
Fixed in Version: 2.4.4
Product Version: 2.4.3
Target Version: 2.4.4
Product Build:
Summary: 0002750: [password.php] unprotected user input
Description: $_POST['username_or_email'] needs to be HTML-sanitized before being displayed back in HTML content.

Original report by Stefan Schurtz via Secunia SVCRP
Steps To Reproduce:
Additional Information:
Tags: No tags attached.
browser: any
Database engine and version:
PHP version:
Web server: Apache 1.3.x
Attached Files:

- Relationships
related to 0002774 closed plg [password.php] user input vulnerability

- Notes
(0006635)
svn (reporter)
2012.09.18 14:07

[Subversion] r17983 by plg on branch 2.4

-----[Subversion commit log]----------------------------------------------------
bug 2750 fixed: HTML-sanitize $_POST['username_or_email'] before display (both
username and email don't allow HTML tags...)

Original report by Stefan Schurtz via Secunia SVCRP
(0006636)
svn (reporter)
2012.09.18 14:09

[Subversion] r17984 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r17983 from branch 2.4 to trunk

bug 2750 fixed: HTML-sanitize $_POST['username_or_email'] before display (both
username and email don't allow HTML tags...)

Original report by Stefan Schurtz via Secunia SVCRP


- Issue History
Date Modified Username Field Change
2012.09.18 14:06 plg New Issue
2012.09.18 14:06 plg Status new => assigned
2012.09.18 14:06 plg Assigned To => plg
2012.09.18 14:06 plg browser => any
2012.09.18 14:06 plg Web server => Apache 1.3.x
2012.09.18 14:07 svn Checkin
2012.09.18 14:07 svn Note Added: 0006635
2012.09.18 14:09 svn Checkin
2012.09.18 14:09 svn Note Added: 0006636
2012.09.18 14:15 plg Status assigned => closed
2012.09.18 14:15 plg Resolution open => fixed
2012.09.18 14:15 plg Fixed in Version => 2.4.4
2012.10.19 22:17 plg Relationship added related to 0002774

