Piwigo Bugtracker

View Issue Details
ID: 0002750
Project: Piwigo
Category: security
View Status: public
Date Submitted: 2012.09.18 14:06
Last Update: 2012.09.18 14:15
Reporter: plg
Assigned To: plg
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 2.4.3
Target Version: 2.4.4
Fixed in Version: 2.4.4
Summary: 0002750: [password.php] unprotected user input
Description: $_POST['username_or_email'] needs to be HTML-sanitized before being displayed back in HTML content.

Original report by Stefan Schurtz via Secunia SVCRP
Tags: No tags attached.
browser: any
Database engine and version:
PHP version:
Web server: Apache 1.3.x
Attached Files

- Relationships
related to 0002774 (closed, plg): [password.php] user input vulnerability

-  Notes
(0006635)
svn (reporter)
2012.09.18 14:07

[Subversion] r17983 by plg on branch 2.4

-----[Subversion commit log]----------------------------------------------------
bug 2750 fixed: HTML-sanitize $_POST['username_or_email'] before display (both
username and email don't allow HTML tags...)

Original report by Stefan Schurtz via Secunia SVCRP

(0006636)
svn (reporter)
2012.09.18 14:09

[Subversion] r17984 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r17983 from branch 2.4 to trunk

bug 2750 fixed: HTML-sanitize $_POST['username_or_email'] before display (both
username and email don't allow HTML tags...)

Original report by Stefan Schurtz via Secunia SVCRP


- Issue History
Date Modified     Username  Field               Change
2012.09.18 14:06  plg       New Issue
2012.09.18 14:06  plg       Status              new => assigned
2012.09.18 14:06  plg       Assigned To         => plg
2012.09.18 14:06  plg       browser             => any
2012.09.18 14:06  plg       Web server          => Apache 1.3.x
2012.09.18 14:07  svn       Checkin
2012.09.18 14:07  svn       Note Added: 0006635
2012.09.18 14:09  svn       Checkin
2012.09.18 14:09  svn       Note Added: 0006636
2012.09.18 14:15  plg       Status              assigned => closed
2012.09.18 14:15  plg       Resolution          open => fixed
2012.09.18 14:15  plg       Fixed in Version    => 2.4.4
2012.10.19 22:17  plg       Relationship added  related to 0002774

