[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-tracker] [bug #14457] Fixing XSS border side effects in et

From: Caeies
Subject: [Phpgroupware-tracker] [bug #14457] Fixing XSS border side effects in etemplate editor
Date: Wed, 7 Sep 2005 13:14:27 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050825 Firefox/1.0.4 (Debian package 1.0.4-2sarge3)


                 Summary: Fixing XSS border side effects in etemplate editor
                 Project: phpGroupWare
            Submitted by: Caeies
            Submitted on: mer 07.09.2005 à 13:14
                Category: eTemplates
              Item Group:
                Severity: 4 - Important
                Priority: 7 - High
                  Status: None
                 Privacy: Public
             Assigned to: Caeies
             Open/Closed: Open
       Component Version: CVS
        Platform Version: None
         Reproducibility: None
         Planned Release:
           Fixed Release: 




Just for reviewing of the patch and discussion :

In case of etemplate, the $_POST is replaced by $GLOBALS['RAW_REQUEST'] ...
so dev users building template are not too impacted by the strips ...

Of course this is a short term solution, the best would be to fix etemplate
completly :)




File Attachments:

Date: mer 07.09.2005 à 13:14  Name: etemplate.diff  Size: 669o   By: Caeies
patch for allowing XSS by devs (and only them) in etemplate


Reply to this item at:


  Message posté via/par Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]