[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-tracker] [bug #14457] Fixing XSS border side effects in et
From: |
Caeies |
Subject: |
[Phpgroupware-tracker] [bug #14457] Fixing XSS border side effects in etemplate editor |
Date: |
Wed, 7 Sep 2005 13:14:27 +0000 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050825 Firefox/1.0.4 (Debian package 1.0.4-2sarge3) |
URL:
<http://savannah.gnu.org/bugs/?func=detailitem&item_id=14457>
Summary: Fixing XSS border side effects in etemplate editor
Project: phpGroupWare
Submitted by: Caeies
Submitted on: mer 07.09.2005 à 13:14
Category: eTemplates
Item Group: 0.9.16.008
Severity: 4 - Important
Priority: 7 - High
Status: None
Privacy: Public
Assigned to: Caeies
Open/Closed: Open
Component Version: CVS
Platform Version: None
Reproducibility: None
Planned Release: 0.9.16.005+
Fixed Release:
_______________________________________________________
Details:
Hi,
Just for reviewing of the patch and discussion :
In case of etemplate, the $_POST is replaced by $GLOBALS['RAW_REQUEST'] ...
so dev users building template are not too impacted by the strips ...
Of course this is a short term solution, the best would be to fix etemplate
completly :)
Regards,
Caeies
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: mer 07.09.2005 à 13:14 Name: etemplate.diff Size: 669o By: Caeies
patch for allowing XSS by devs (and only them) in etemplate
<http://savannah.gnu.org/bugs/download.php?item_id=14457&item_file_id=2924>
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?func=detailitem&item_id=14457>
_______________________________________________
Message posté via/par Savannah
http://savannah.gnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Phpgroupware-tracker] [bug #14457] Fixing XSS border side effects in etemplate editor,
Caeies <=