| ID | Project | Category | View Status | Date Submitted | Last Update |
| --- | --- | --- | --- | --- | --- |
| 0000130 | SiT! | other | public | 2008-07-21 16:38 | 2010-03-27 12:31 |

| Field | Value |
| --- | --- |
| Reporter | ivan |
| Assigned To | ivan |
| Priority | normal |
| Severity | major |
| Reproducibility | always |
| Status | closed |
| Resolution | fixed |
| Platform | |
| OS | |
| OS Version | |
| Product Version | |
| Target Version | 3.60 LTS |
| Fixed in Version | 3.60 LTS |
| Summary | 0000130: `$_SESSION['formdata']` contains raw input with no checking |
| Description | Session formdata (which is used for returning data to forms when an input error has occurred) contains raw GET or POST data; tags are not stripped, etc. E.g. `$_SESSION['formdata']['add_task'] = $_POST;` This is then used in the form, e.g. `echo "value='{$_SESSION['formdata']['add_task']['name']}'";` This is potentially very dangerous; we should `cleanvar` these variables before use. |
| Additional Information | We need to work out `cleanvar()` or equiv. for the following data input/output cases: HTML form -> database, database -> HTML form, HTML form -> HTML form (the formdata), HTML form -> email, database -> email, email -> database. The test data at http://sitracker.org/wiki/Development/Test_Data should be able to be input/stored and edited in every form, and also accepted as email in, and OK in email out. |
| Tags | No tags attached. |
| Attached Files | |
| Author | Date | Note |
| --- | --- | --- |
| paulh (administrator) | 2008-10-07 11:14 | Need to check all vars got are clean. |
| ivan (administrator) | 2008-10-23 15:44 | Adding a contact with surname O'Neil and then editing that contact causes the surname to be munged. |
| ivan (administrator) | 2008-11-18 11:46 | This isn't a blocking bug; it's not great, but it's not that bad. |
| ivan (administrator) | 2009-05-29 14:57 | Still fails for the test data in most cases, but it's not fatal and it's not very high visibility; bumping to the 3.60 release as we don't have time left for this. |
| ivan (administrator) | 2010-03-20 16:11 | Fixed in 3.x svn r6291 |
| ivan (administrator) | 2010-03-23 21:39 | Fixed in git 8cb65b3 |
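The following is an added example, not SiT!'s own code: it reproduces the attribute-injection pattern quoted in the description with constructed input, shows encoding at HTML output as the fix, and illustrates how encoding at both storage and output would munge a surname such as O'Neil on edit, as the 2008-10-23 note describes. The field name `name`, the `render_*` function names and the double-encoding explanation are assumptions made for illustration.

```php
<?php
// Added example, not SiT! code: reproduces the pattern from the report with
// constructed input and shows output encoding as the fix. The field name 'name'
// and the three render_* functions are assumptions made for illustration.

// Constructed POST data: a legitimate surname with an apostrophe (the O'Neil
// case from the notes) plus a tag, to exercise "tags are not stripped".
$_POST = ['name' => "O'Neil <b>"];

// The pattern the report describes: raw request data is parked in the session
// and later interpolated straight into a single-quoted HTML attribute, so the
// apostrophe ends the attribute early and the tag reaches the browser intact.
function render_raw(array $formdata): string
{
    return "value='{$formdata['add_task']['name']}'";
}

// Hardened: keep the stored copy raw and encode exactly once, at the point of
// HTML output. ENT_QUOTES turns both ' and " into entities, so the value can
// neither terminate the attribute nor introduce markup; the browser decodes
// the entities, so the field still displays and resubmits O'Neil unchanged.
function render_encoded(array $formdata): string
{
    $v = htmlspecialchars($formdata['add_task']['name'] ?? '', ENT_QUOTES, 'UTF-8');
    return "value='{$v}'";
}

// Anti-pattern that munges the surname on edit: encoding when the value is
// stored and again when it is rendered double-escapes the apostrophe, so the
// field displays entity text instead of O'Neil. (One plausible cause of the
// behaviour noted on 2008-10-23; an assumption, not a statement about SiT!'s code.)
function render_double_encoded(array $formdata): string
{
    $stored = htmlspecialchars($formdata['add_task']['name'] ?? '', ENT_QUOTES, 'UTF-8');
    $v = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    return "value='{$v}'";
}

// Mirror the assignment quoted in the report, then render each variant.
$_SESSION['formdata']['add_task'] = $_POST;

echo "raw:            ", render_raw($_SESSION['formdata']), PHP_EOL;
echo "encoded:        ", render_encoded($_SESSION['formdata']), PHP_EOL;
echo "double-encoded: ", render_double_encoded($_SESSION['formdata']), PHP_EOL;
```

The same encode-once-at-output rule covers the HTML form -> HTML form case listed in the additional information; the database and email cases need their own context-specific encoding (parameterised queries, header and body encoding) rather than a single `cleanvar()` applied on input.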
| Date Modified | Username | Field | Change |
| --- | --- | --- | --- |
| 2008-07-21 16:38 | ivan | New Issue | |
| 2008-10-07 11:14 | paulh | Note Added: 0000109 | |
| 2008-10-07 11:14 | paulh | Assigned To | => ivan |
| 2008-10-07 11:14 | paulh | Status | new => feedback |
| 2008-10-23 15:44 | ivan | Note Added: 0000130 | |
| 2008-10-28 09:27 | ivan | Target Version | 3.40 => 3.41 |
| 2008-10-28 09:27 | ivan | Additional Information Updated | |
| 2008-11-18 11:46 | ivan | Note Added: 0000195 | |
| 2008-11-18 11:46 | ivan | Severity | block => major |
| 2008-11-29 23:32 | kieran | Target Version | 3.41 => 3.45 |
| 2009-01-28 15:17 | paulh | Target Version | 3.45 => 3.50 |
| 2009-05-29 14:48 | ivan | Additional Information Updated | |
| 2009-05-29 14:57 | ivan | Note Added: 0001153 | |
| 2009-05-29 14:57 | ivan | Status | feedback => assigned |
| 2009-05-29 14:57 | ivan | Target Version | 3.50 => 3.60 |
| 2010-03-20 16:11 | ivan | Fixed in Version | 3.60 LTS => Current SVN |
| 2010-03-20 16:11 | ivan | Note Added: 0002751 | |
| 2010-03-20 16:11 | ivan | Status | assigned => resolved |
| 2010-03-20 16:11 | ivan | Fixed in Version | => 3.60 LTS |
| 2010-03-20 16:11 | ivan | Resolution | open => fixed |
| 2010-03-23 21:39 | ivan | Note Added: 0002845 | |
| 2010-03-27 11:16 | ivan | Fixed in Version | Current SVN => 3.60 LTS |
| 2010-03-27 12:31 | ivan | Status | resolved => closed |