Piwigo bug tracker has moved to Github
This bugtracker is kept to provide history on old issues.
| Anonymous | Login | Signup for a new account | 2017.09.25 20:39 CEST | |
| My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0000702 | Piwigo | security | public | 2007.06.07 13:17 | 2007.09.20 21:03 | ||||
| Reporter | rub | ||||||||
| Assigned To | rub | ||||||||
| Priority | urgent | Severity | major | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 1.7.0 | ||||||||
| Target Version | Fixed in Version | 1.7.1 | |||||||
| Summary | 0000702: Code Injection | ||||||||
| Description | Code Injection with picture comment With guest user, it's possible to inject code on author field. Example at moment: http://demo.phpwebgallery.net/picture.php?/106/category/15 [^] http://demo.phpwebgallery.net/picture.php?/128/category/15 [^] | ||||||||
| Steps To Reproduce | set <script>alert('Hello World!');</script> as author | ||||||||
| Tags | No tags attached. | ||||||||
| browser | any | ||||||||
| Database engine and version | |||||||||
| PHP version | |||||||||
| Web server | Apache 1.3.x | ||||||||
| Attached Files | |||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
|
(0001881) rub (developer) 2007.06.07 13:45 |
je commite ce soir une correction se basant sur le même principe que le contenu du commentaire: add_event_handler('render_comment_content', 'htmlspecialchars'); |
|
(0001882) plg (manager) 2007.06.07 19:46 |
Je préfererais un strip_tags |
|
(0001883) rub (developer) 2007.06.07 19:58 |
Pour l'auteur et aussi pour le contenu du commentaire? |
|
(0001884) rub (developer) 2007.06.07 20:51 |
[Subversion] r2030 & [Subversion] r2031 strip_tags uniquement sur auteur finalement |
|
(0001987) VDigital (reporter) 2007.09.20 21:01 |
Just to make it public... |
|
(0001988) VDigital (reporter) 2007.09.20 21:03 |
Can be seen as proof of already identified issue. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2007.06.07 13:17 | rub | New Issue | |
| 2007.06.07 13:17 | rub | browser | => any |
| 2007.06.07 13:17 | rub | Web server | => Apache 1.3.x |
| 2007.06.07 13:19 | rub | Summary | Code Injection with picture comment => Code Injection |
| 2007.06.07 13:19 | rub | Description Updated | |
| 2007.06.07 13:19 | rub | Steps to Reproduce Updated | |
| 2007.06.07 13:22 | rub | Status | new => acknowledged |
| 2007.06.07 13:39 | rub | Status | acknowledged => assigned |
| 2007.06.07 13:39 | rub | Assigned To | => rub |
| 2007.06.07 13:45 | rub | Note Added: 0001881 | |
| 2007.06.07 19:46 | plg | Note Added: 0001882 | |
| 2007.06.07 19:58 | rub | Note Added: 0001883 | |
| 2007.06.07 20:51 | rub | Status | assigned => resolved |
| 2007.06.07 20:51 | rub | Fixed in Version | => 1.7.1 |
| 2007.06.07 20:51 | rub | Resolution | open => fixed |
| 2007.06.07 20:51 | rub | Note Added: 0001884 | |
| 2007.06.07 20:52 | rub | Status | resolved => closed |
| 2007.09.20 21:01 | VDigital | Status | closed => feedback |
| 2007.09.20 21:01 | VDigital | Resolution | fixed => reopened |
| 2007.09.20 21:01 | VDigital | Note Added: 0001987 | |
| 2007.09.20 21:02 | VDigital | View Status | private => public |
| 2007.09.20 21:03 | VDigital | Status | feedback => closed |
| 2007.09.20 21:03 | VDigital | Note Added: 0001988 | |
| 2007.09.20 21:03 | VDigital | Resolution | reopened => fixed |
|
Issue History |
| Copyright © 2000 - 2017 MantisBT Team Contact |
 |