7957 2012-10-09 11:48:00 -0700 login source parameter needs escaping 2012-11-28 02:29:55 -0800 1 1 1 Unclassified OJS User Interface 2.4.1 All All RESOLVED FIXED P3 normal --- 1 jason.nugent pkp-support michael.pkp rfm 31742 jason.nugent 2012-10-09 11:48:29 -0700 The login page 'source' parameter lacks HTML removal. 31747 jason.nugent 2012-10-10 04:00:04 -0700 strip html from source parameter https://github.com/pkp/omp/commit/f59a2f01516c7308997353f095b7d8b01848913e 31748 jason.nugent 2012-10-10 04:00:04 -0700 strip html from source parameter https://github.com/pkp/pkp-lib/commit/a88fa9f045c6319111381305399044a5338a225c 31749 jason.nugent 2012-10-10 04:05:02 -0700 strip html from source parameter https://github.com/pkp/omp/commit/da7f64ee71f3be71882b777a553e36e990df5744 31750 3871 jason.nugent 2012-10-10 04:05:11 -0700 Created attachment 3871 Patch against OMP 1.0b 31751 3872 jason.nugent 2012-10-10 04:05:39 -0700 Created attachment 3872 Patch against OJS pkp-lib 2.4.1 31763 michael.pkp 2012-10-10 15:36:47 -0700 Hi Jason, a couple of suggestions for the patches here: - It will help users if we label them as applicable to lib-pkp - Additional patch/recommended patch listing for OJS 2.3.8 31764 jason.nugent 2012-10-10 16:05:02 -0700 strip html from source parameter https://github.com/pkp/pkp-lib/commit/f203912651eff2f08c22243209dd30c73c97a002 31765 3873 jason.nugent 2012-10-10 16:06:08 -0700 Created attachment 3873 Patch against OJS pkp-lib 2.3.8 31766 jason.nugent 2012-10-10 16:06:51 -0700 Thanks, Michael. I've also started a new recommended patches page for OJS 2.3.8 with this patch. 31767 michael.pkp 2012-10-10 16:26:29 -0700 We'll likely also need fixes for ocs-stable and ohs-stable ... 31768 3874 jason.nugent 2012-10-11 03:54:08 -0700 Created attachment 3874 Patch against OCS pkp-lib 2.3.5 31769 3875 jason.nugent 2012-10-11 03:54:34 -0700 Created attachment 3875 Patch against OHS pkp-lib 2.3.2 31770 jason.nugent 2012-10-11 03:55:03 -0700 strip html from source parameter https://github.com/pkp/pkp-lib/commit/ae68891b3c31f0d0342f2c890d83436eee8cd866 3871 2012-10-10 04:05:00 -0700 2012-10-10 04:05:11 -0700 Patch against OMP 1.0b omp.patch text/plain 397 jason.nugent ZGlmZiAtLWdpdCBhL3RlbXBsYXRlcy91c2VyL2xvZ2luLnRwbCBiL3RlbXBsYXRlcy91c2VyL2xv Z2luLnRwbAppbmRleCAwODM1MzRiLi45Y2VkYTU2IDEwMDY0NAotLS0gYS90ZW1wbGF0ZXMvdXNl ci9sb2dpbi50cGwKKysrIGIvdGVtcGxhdGVzL3VzZXIvbG9naW4udHBsCkBAIC01Myw3ICs1Myw3 IEBACiAJPGJyIC8+CiB7L2lmfQogCi08aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJzb3VyY2Ui IHZhbHVlPSJ7JHNvdXJjZXxlc2NhcGV9IiAvPgorPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0i c291cmNlIiB2YWx1ZT0ieyRzb3VyY2V8c3RyaXBfdW5zYWZlX2h0bWx8ZXNjYXBlfSIgLz4KIAog e2lmICEgJGltcGxpY2l0QXV0aH0KIAl7ZmJ2Rm9ybUFyZWEgaWQ9ImxvZ2luRmllbGRzIn0KCg== 3872 2012-10-10 04:05:00 -0700 2012-10-10 16:05:28 -0700 Patch against OJS pkp-lib 2.4.1 ojs2_4_1.patch text/plain 404 jason.nugent ZGlmZiAtLWdpdCBhL3RlbXBsYXRlcy91c2VyL2xvZ2luLnRwbCBiL3RlbXBsYXRlcy91c2VyL2xv Z2luLnRwbAppbmRleCAzODNhYzQ4Li5hOGZkODJlIDEwMDY0NAotLS0gYS90ZW1wbGF0ZXMvdXNl ci9sb2dpbi50cGwKKysrIGIvdGVtcGxhdGVzL3VzZXIvbG9naW4udHBsCkBAIC0zNyw3ICszNyw3 IEBACiAJPGJyIC8+CiB7L2lmfQogCi08aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJzb3VyY2Ui IHZhbHVlPSJ7JHNvdXJjZXxlc2NhcGV9IiAvPgorPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0i c291cmNlIiB2YWx1ZT0ieyRzb3VyY2V8c3RyaXBfdW5zYWZlX2h0bWx8ZXNjYXBlfSIgLz4KIAog e2lmICEgJGltcGxpY2l0QXV0aH0KIAk8dGFibGUgaWQ9InNpZ25pblRhYmxlIiBjbGFzcz0iZGF0 YSI+Cgo= 3873 2012-10-10 16:06:00 -0700 2012-10-10 16:06:08 -0700 Patch against OJS pkp-lib 2.3.8 ojs-stable-2_3.patch text/plain 468 jason.nugent ZGlmZiAtLWdpdCBhL3RlbXBsYXRlcy91c2VyL2xvZ2luLnRwbCBiL3RlbXBsYXRlcy91c2VyL2xv Z2luLnRwbAppbmRleCBkYzAxZGNkLi45MWUyMWI2IDEwMDY0NAotLS0gYS90ZW1wbGF0ZXMvdXNl ci9sb2dpbi50cGwKKysrIGIvdGVtcGxhdGVzL3VzZXIvbG9naW4udHBsCkBAIC0zOCw3ICszOCw3 IEBACiAJPGZvcm0gaWQ9InNpZ25pbkZvcm0iIG5hbWU9ImxvZ2luIiBtZXRob2Q9InBvc3QiIGFj dGlvbj0ieyRsb2dpblVybH0iPgogey9pZn0KIAotPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0i c291cmNlIiB2YWx1ZT0ieyRzb3VyY2V8ZXNjYXBlfSIgLz4KKzxpbnB1dCB0eXBlPSJoaWRkZW4i IG5hbWU9InNvdXJjZSIgdmFsdWU9Inskc291cmNlfHN0cmlwX3Vuc2FmZV9odG1sfGVzY2FwZX0i IC8+CiAKIHtpZiAhICRpbXBsaWNpdEF1dGh9CiAJPHRhYmxlIGlkPSJzaWduaW5UYWJsZSIgY2xh c3M9ImRhdGEiPgoK 3874 2012-10-11 03:54:00 -0700 2012-10-11 03:58:42 -0700 Patch against OCS pkp-lib 2.3.5 ocs-stable-2_3.patch text/plain 468 jason.nugent ZGlmZiAtLWdpdCBhL3RlbXBsYXRlcy91c2VyL2xvZ2luLnRwbCBiL3RlbXBsYXRlcy91c2VyL2xv Z2luLnRwbAppbmRleCA0YmU4YTY1Li43YTcxNzgxIDEwMDY0NAotLS0gYS90ZW1wbGF0ZXMvdXNl ci9sb2dpbi50cGwKKysrIGIvdGVtcGxhdGVzL3VzZXIvbG9naW4udHBsCkBAIC0zOCw3ICszOCw3 IEBACiAJPGZvcm0gaWQ9InNpZ25pbkZvcm0iIG5hbWU9ImxvZ2luIiBtZXRob2Q9InBvc3QiIGFj dGlvbj0ieyRsb2dpblVybH0iPgogey9pZn0KIAotPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0i c291cmNlIiB2YWx1ZT0ieyRzb3VyY2V8ZXNjYXBlfSIgLz4KKzxpbnB1dCB0eXBlPSJoaWRkZW4i IG5hbWU9InNvdXJjZSIgdmFsdWU9Inskc291cmNlfHN0cmlwX3Vuc2FmZV9odG1sfGVzY2FwZX0i IC8+CiAKIHtpZiAhICRpbXBsaWNpdEF1dGh9CiAJPHRhYmxlIGlkPSJzaWduaW5UYWJsZSIgY2xh c3M9ImRhdGEiPgoK 3875 2012-10-11 03:54:00 -0700 2012-10-11 03:59:00 -0700 Patch against OHS pkp-lib 2.3.2 ohs-stable-2_3.patch text/plain 487 jason.nugent ZGlmZiAtLWdpdCBhL3RlbXBsYXRlcy91c2VyL2xvZ2luLnRwbCBiL3RlbXBsYXRlcy91c2VyL2xv Z2luLnRwbAppbmRleCBiY2ZiODdjLi42MDcyMzNjIDEwMDY0NAotLS0gYS90ZW1wbGF0ZXMvdXNl ci9sb2dpbi50cGwKKysrIGIvdGVtcGxhdGVzL3VzZXIvbG9naW4udHBsCkBAIC0zOCw3ICszOCw3 IEBACiAJPGZvcm0gaWQ9InNpZ25pbkZvcm0iIG5hbWU9ImxvZ2luIiBtZXRob2Q9InBvc3QiIGFj dGlvbj0ie3VybCBwYWdlPSJsb2dpbiIgb3A9InNpZ25JbiJ9Ij4KIHsvaWZ9CiAKLTxpbnB1dCB0 eXBlPSJoaWRkZW4iIG5hbWU9InNvdXJjZSIgdmFsdWU9Inskc291cmNlfGVzY2FwZX0iIC8+Cis8 aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJzb3VyY2UiIHZhbHVlPSJ7JHNvdXJjZXxzdHJpcF91 bnNhZmVfaHRtbHxlc2NhcGV9IiAvPgogCiB7aWYgISAkaW1wbGljaXRBdXRofQogCTx0YWJsZSBp ZD0ic2lnbmluVGFibGUiIGNsYXNzPSJkYXRhIj4KCg==