We are moving to Git Issues for bug tracking in future releases. During transition, content will be in both tools. If you'd like to file a new bug, please create an issue.

Bug 6259 - User interests stored in database urlencoded
User interests stored in database urlencoded
Status: RESOLVED FIXED
Product: OJS
Classification: Unclassified
Component: General
2.3.4
All All
: P3 normal
Assigned To: PKP Support
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-11-26 16:58 PST by Alec Smecher
Modified: 2011-01-31 12:12 PST (History)
1 user (show)

See Also:
Version Reported In:
Also Affects:


Attachments
Patch against OJS 2.3.3-3 (13.20 KB, patch)
2010-12-09 13:28 PST, Matthew Crider
Details | Diff
Patch against PKP-lib (3.15 KB, patch)
2010-12-09 13:28 PST, Matthew Crider
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Alec Smecher 2010-11-26 16:58:07 PST
User interests stored in database urlencoded for some reason. Also, XSS risks exist when entries contain <angle brackets>.
Comment 1 Matthew Crider 2010-12-09 13:28:30 PST
Created attachment 3390 [details]
Patch against OJS 2.3.3-3
Comment 2 Matthew Crider 2010-12-09 13:28:51 PST
Created attachment 3391 [details]
Patch against PKP-lib