Piwigo Bugtracker

Viewing Issue Advanced Details Jump to Notes ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0002280 [Piwigo] security minor always 2011.04.26 13:25 2011.05.31 22:34
Reporter stim View Status public  
Assigned To plg
Priority high Resolution fixed Platform
Status closed   OS
Projection none   OS Version
ETA none Fixed in Version 2.2.2 Product Version 2.2.1
  Target Version 2.2.2 Product Build
Summary 0002280: Input of language on profile pages is not verified
Description By manipulation of the profile form it is possible to insert bogus values for the language field into the database.

Instead, the disered behaviour would be to reject or ignore the incorrect input.
Steps To Reproduce Open edit profile page.
Change the language field to a text-type input.
Change to anything you like.
This will be updated in the database.
Additional Information
Tags No tags attached.
browser any
Database engine and version
PHP version
Web server Apache 1.3.x
Attached Files

- Relationships

-  Notes
(0005054)
stim (reporter)
2011.04.26 13:35

Particularly nasty because of a bug in AMM see 0002281
(0005056)
stim (reporter)
2011.04.26 13:49

Same holds for theme selection.
Maybe all drop down boxes are vulnerable?
(0005168)
svn (reporter)
2011.05.31 22:32

[Subversion] r11157 by plg on branch 2.2

-----[Subversion commit log]----------------------------------------------------
bug 2280 fixed: check language and theme values before updating database. The
posted value must match an expected value, this is not a free texfield.
(0005169)
svn (reporter)
2011.05.31 22:32

[Subversion] r11159 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r11157 from branch 2.2 to trunk

bug 2280 fixed: check language and theme values before updating database. The
posted value must match an expected value, this is not a free texfield.


- Issue History
Date Modified Username Field Change
2011.04.26 13:25 stim New Issue
2011.04.26 13:25 stim browser => any
2011.04.26 13:25 stim Web server => Apache 1.3.x
2011.04.26 13:35 stim Note Added: 0005054
2011.04.26 13:49 stim Note Added: 0005056
2011.04.27 15:32 plg Assigned To => plg
2011.04.27 15:32 plg Status new => assigned
2011.04.27 15:32 plg Target Version => 2.2.2
2011.05.31 22:32 svn Checkin
2011.05.31 22:32 svn Note Added: 0005168
2011.05.31 22:32 svn Checkin
2011.05.31 22:32 svn Note Added: 0005169
2011.05.31 22:34 plg Priority normal => high
2011.05.31 22:34 plg Status assigned => closed
2011.05.31 22:34 plg Resolution open => fixed
2011.05.31 22:34 plg Fixed in Version => 2.2.2


Mantis 1.1.6[^]
Copyright © 2000 - 2008 Mantis Group
Contact
Powered by Mantis Bugtracker