Bug 7957

Summary: login source parameter needs escaping
Product: OJS
Reporter: Jason Nugent <jason.nugent>
Component: User Interface
Assignee: PKP Support <pkp-support>
Status: RESOLVED FIXED
Severity: normal
CC: michael.pkp, rfm
Priority: P3
Version: 2.4.1
Hardware: All
OS: All
Version Reported In:
Also Affects:
Attachments: Patch against OMP 1.0b
Patch against OJS pkp-lib 2.4.1
Patch against OJS pkp-lib 2.3.8
Patch against OCS pkp-lib 2.3.5
Patch against OHS pkp-lib 2.3.2

Description Jason Nugent 2012-10-09 11:48:29 PDT
The login page 'source' parameter lacks HTML removal.
Comment 1 Jason Nugent 2012-10-10 04:00:04 PDT
strip html from source parameter
https://github.com/pkp/omp/commit/f59a2f01516c7308997353f095b7d8b01848913e
Comment 2 Jason Nugent 2012-10-10 04:00:04 PDT
strip html from source parameter
https://github.com/pkp/pkp-lib/commit/a88fa9f045c6319111381305399044a5338a225c
Comment 3 Jason Nugent 2012-10-10 04:05:02 PDT
strip html from source parameter
https://github.com/pkp/omp/commit/da7f64ee71f3be71882b777a553e36e990df5744
Comment 4 Jason Nugent 2012-10-10 04:05:11 PDT
Created attachment 3871
Patch against OMP 1.0b
Comment 5 Jason Nugent 2012-10-10 04:05:39 PDT
Created attachment 3872
Patch against OJS pkp-lib 2.4.1
Comment 6 Michael Felczak 2012-10-10 15:36:47 PDT
Hi Jason, a couple of suggestions for the patches here:
- It will help users if we label them as applicable to lib-pkp
- Additional patch/recommended patch listing for OJS 2.3.8
Comment 7 Jason Nugent 2012-10-10 16:05:02 PDT
strip html from source parameter
https://github.com/pkp/pkp-lib/commit/f203912651eff2f08c22243209dd30c73c97a002
Comment 8 Jason Nugent 2012-10-10 16:06:08 PDT
Created attachment 3873
Patch against OJS pkp-lib 2.3.8
Comment 9 Jason Nugent 2012-10-10 16:06:51 PDT
Thanks, Michael.  I've also started a new recommended patches page for OJS 2.3.8 with this patch.
Comment 10 Michael Felczak 2012-10-10 16:26:29 PDT
We'll likely also need fixes for ocs-stable and ohs-stable ...
Comment 11 Jason Nugent 2012-10-11 03:54:08 PDT
Created attachment 3874
Patch against OCS pkp-lib 2.3.5
Comment 12 Jason Nugent 2012-10-11 03:54:34 PDT
Created attachment 3875
Patch against OHS pkp-lib 2.3.2
Comment 13 Jason Nugent 2012-10-11 03:55:03 PDT
strip html from source parameter
https://github.com/pkp/pkp-lib/commit/ae68891b3c31f0d0342f2c890d83436eee8cd866