Piwigo Bugtracker

ID: 0002234
Project: Piwigo
Category: security
View Status: public
Date Submitted: 2011.03.29 00:11
Last Update: 2011.09.30 10:18
Reporter: LucMorizur
Assigned To: Pat
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Platform: Any
OS: Any
OS Version: Any
Product Version: 2.2.0RC4
Target Version:
Fixed in Version: 2.1.7
Summary: 0002234: HTML characters are allowed in username
Description: If you create an account with the following username:

P<script>window.open('http://piwigo.org');</script>

then the page http://piwigo.org will be opened when this username is displayed, at least in administration pages (could not make that happen in public pages).

Steps To Reproduce: Create an account with the following username:

P<script>window.open('http://piwigo.org');</script>

and look at users management pages.
Tags: No tags attached.
browser: any
Database engine and version:
PHP version:
Web server: Apache 1.3.x
Attached Files:

Relationships

Notes
(0004919)
svn (reporter)
2011.03.29 21:30

[Subversion] r9923 by patdenice on trunk

-----[Subversion commit log]----------------------------------------------------
bug:2234
HTML characters are allowed in username
(0004920)
svn (reporter)
2011.03.29 21:59

[Subversion] r9929 by patdenice on branch 2.1

-----[Subversion commit log]----------------------------------------------------
merge r9923 from trunk to branch 2.1
bug:2234
HTML characters are allowed in username
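
The report above is a stored cross-site scripting case: the username is saved verbatim and later written into an administration page without encoding. As an added example (not Piwigo's code and not the content of r9923 or r9929; the function names and the 100-byte limit are hypothetical), the PHP below shows the unsafe rendering beside output encoding, plus a registration-time check that refuses HTML special characters:

```php
<?php
// Added illustration, not Piwigo source. All function names are hypothetical.

// Constructed sample: the username from the report, as stored in the database.
$stored = "P<script>window.open('http://piwigo.org');</script>";

// Unsafe: the stored value is concatenated into markup unchanged, so the
// browser parses the <script> element when the user list is displayed.
function render_user_row_unsafe(string $username): string
{
    return '<tr><td>' . $username . '</td></tr>';
}

// Hardened: encode for the HTML context at output time, whatever is stored.
function render_user_row(string $username): string
{
    $safe = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>' . $safe . '</td></tr>';
}

// Registration-time check: returns a list of reasons to refuse the name.
function validate_username(string $username): array
{
    $errors = [];
    if ($username === '' || strlen($username) > 100) { // assumed limit
        $errors[] = 'username must be 1 to 100 bytes long';
    }
    if (preg_match('/[<>&"\']/', $username)) {
        $errors[] = 'username contains HTML special characters';
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $username)) {
        $errors[] = 'username contains control characters';
    }
    return $errors;
}

// Run both renderings and the check on the constructed sample, then the
// check on a plain name for comparison.
echo render_user_row_unsafe($stored), PHP_EOL;
echo render_user_row($stored), PHP_EOL;
print_r(validate_username($stored));
print_r(validate_username('LucMorizur'));
```

Output encoding is the control that covers every display path, including names stored before any registration check existed. The registration check only limits what reaches storage.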

Issue History
Date Modified Username Field Change
2011.03.29 00:11 LucMorizur New Issue
2011.03.29 00:11 LucMorizur browser => any
2011.03.29 00:11 LucMorizur Web server => Apache 1.3.x
2011.03.29 21:30 Pat Status new => assigned
2011.03.29 21:30 Pat Assigned To => Pat
2011.03.29 21:30 svn Checkin
2011.03.29 21:30 svn Note Added: 0004919
2011.03.29 21:59 svn Checkin
2011.03.29 21:59 svn Note Added: 0004920
2011.03.29 22:01 Pat Status assigned => resolved
2011.03.29 22:01 Pat Fixed in Version => 2.1.7
2011.03.29 22:01 Pat Resolution open => fixed
2011.09.30 10:18 plg Status resolved => closed

