First Last Prev Next    This bug is not in your last search results.
Bug 7957 - login source parameter needs escaping
: login source parameter needs escaping
Status: RESOLVED FIXED
Product: OJS
Classification: Unclassified
Component: User Interface
: 2.4.1
: All All
: P3 normal
Assigned To: PKP Support
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-10-09 11:48 PDT by Jason Nugent
Modified: 2012-11-28 02:29 PST (History)
2 users (show)

See Also:
Version Reported In:
Also Affects:

Attachments
Patch against OMP 1.0b (397 bytes, patch)
2012-10-10 04:05 PDT, Jason Nugent 		Details | Diff
Patch against OJS pkp-lib 2.4.1 (404 bytes, patch)
2012-10-10 04:05 PDT, Jason Nugent 		Details | Diff
Patch against OJS pkp-lib 2.3.8 (468 bytes, patch)
2012-10-10 16:06 PDT, Jason Nugent 		Details | Diff
Patch against OCS pkp-lib 2.3.5 (468 bytes, patch)
2012-10-11 03:54 PDT, Jason Nugent 		Details | Diff
Patch against OHS pkp-lib 2.3.2 (487 bytes, patch)
2012-10-11 03:54 PDT, Jason Nugent 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jason Nugent 2012-10-09 11:48:29 PDT 
The login page 'source' parameter lacks HTML removal.
Comment 1 Jason Nugent 2012-10-10 04:00:04 PDT 
strip html from source parameter
https://github.com/pkp/omp/commit/f59a2f01516c7308997353f095b7d8b01848913e
Comment 2 Jason Nugent 2012-10-10 04:00:04 PDT 
strip html from source parameter
https://github.com/pkp/pkp-lib/commit/a88fa9f045c6319111381305399044a5338a225c
Comment 3 Jason Nugent 2012-10-10 04:05:02 PDT 
strip html from source parameter
https://github.com/pkp/omp/commit/da7f64ee71f3be71882b777a553e36e990df5744
Comment 4 Jason Nugent 2012-10-10 04:05:11 PDT 
Created attachment 3871 [details]
Patch against OMP 1.0b
Comment 5 Jason Nugent 2012-10-10 04:05:39 PDT 
Created attachment 3872 [details]
Patch against OJS pkp-lib 2.4.1
Comment 6 Michael Felczak 2012-10-10 15:36:47 PDT 
Hi Jason, a couple of suggestions for the patches here:
- It will help users if we label them as applicable to lib-pkp
- Additional patch/recommended patch listing for OJS 2.3.8
Comment 7 Jason Nugent 2012-10-10 16:05:02 PDT 
strip html from source parameter
https://github.com/pkp/pkp-lib/commit/f203912651eff2f08c22243209dd30c73c97a002
Comment 8 Jason Nugent 2012-10-10 16:06:08 PDT 
Created attachment 3873 [details]
Patch against OJS pkp-lib 2.3.8
Comment 9 Jason Nugent 2012-10-10 16:06:51 PDT 
Thanks, Michael.  I've also started a new recommended patches page for OJS 2.3.8 with this patch.
Comment 10 Michael Felczak 2012-10-10 16:26:29 PDT 
We'll likely also need fixes for ocs-stable and ohs-stable ...
Comment 11 Jason Nugent 2012-10-11 03:54:08 PDT 
Created attachment 3874 [details]
Patch against OCS pkp-lib 2.3.5
Comment 12 Jason Nugent 2012-10-11 03:54:34 PDT 
Created attachment 3875 [details]
Patch against OHS pkp-lib 2.3.2
Comment 13 Jason Nugent 2012-10-11 03:55:03 PDT 
strip html from source parameter
https://github.com/pkp/pkp-lib/commit/ae68891b3c31f0d0342f2c890d83436eee8cd866
First Last Prev Next    This bug is not in your last search results.