 Relationships |
|
| Anonymous | Login | Signup for a new account | 2013.05.23 10:30 CEST |
| Main | My View | View Issues | Change Log | Roadmap | Docs |
| Viewing Issue Advanced Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
| 0002234 | [Piwigo] security | major | always | 2011.03.29 00:11 | 2011.09.30 10:18 | ||
| Reporter | LucMorizur | View Status | public | ||||
| Assigned To | Pat | ||||||
| Priority | normal | Resolution | fixed | Platform | Any | ||
| Status | closed | OS | Any | ||||
| Projection | none | OS Version | Any | ||||
| ETA | none | Fixed in Version | 2.1.7 | Product Version | 2.2.0RC4 | ||
| Target Version | Product Build | ||||||
| Summary | 0002234: HTML characters are allowed in username | ||||||
| Description |
If you create an account with following username: P<script>window.open('http://piwigo.org');</script> [^] then the page http://piwigo.org [^] will be opened when this username is displayed, at least in administration pages (could not make that happen in public pages). |
||||||
| Steps To Reproduce |
Create an account with following username: P<script>window.open('http://piwigo.org');</script> [^] and look at users management pages. |
||||||
| Additional Information | |||||||
| Tags | No tags attached. | ||||||
| browser | any | ||||||
| Database engine and version | |||||||
| PHP version | |||||||
| Web server | Apache 1.3.x | ||||||
| Attached Files | |||||||
|
|
|||||||
|
Relationships |
|
|
Notes |
|
|
(0004919) svn (reporter) 2011.03.29 21:30 |
[Subversion] r9923 by patdenice on trunk -----[Subversion commit log]---------------------------------------------------- bug:2234 HTML characters are allowed in username |
|
(0004920) svn (reporter) 2011.03.29 21:59 |
[Subversion] r9929 by patdenice on branch 2.1 -----[Subversion commit log]---------------------------------------------------- merge r9923 from trunk to branch 2.1 bug:2234 HTML characters are allowed in username |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2011.03.29 00:11 | LucMorizur | New Issue | |
| 2011.03.29 00:11 | LucMorizur | browser | => any |
| 2011.03.29 00:11 | LucMorizur | Web server | => Apache 1.3.x |
| 2011.03.29 21:30 | Pat | Status | new => assigned |
| 2011.03.29 21:30 | Pat | Assigned To | => Pat |
| 2011.03.29 21:30 | svn | Checkin | |
| 2011.03.29 21:30 | svn | Note Added: 0004919 | |
| 2011.03.29 21:59 | svn | Checkin | |
| 2011.03.29 21:59 | svn | Note Added: 0004920 | |
| 2011.03.29 22:01 | Pat | Status | assigned => resolved |
| 2011.03.29 22:01 | Pat | Fixed in Version | => 2.1.7 |
| 2011.03.29 22:01 | Pat | Resolution | open => fixed |
| 2011.09.30 10:18 | plg | Status | resolved => closed |
| Mantis 1.1.6[^] Copyright © 2000 - 2008 Mantis Group Contact |  |
