Bug 7957 - login source parameter needs escaping
Status: RESOLVED FIXED
Product: OJS
Classification: Unclassified
Component: User Interface
Version: 2.4.1
Platform: All All
Importance: P3 normal
Assigned To: PKP Support
Reported: 2012-10-09 11:48 PDT by Jason Nugent
Modified: 2012-11-28 02:29 PST

Attachments
Patch against OMP 1.0b (397 bytes, patch)
2012-10-10 04:05 PDT, Jason Nugent
Patch against OJS pkp-lib 2.4.1 (404 bytes, patch)
2012-10-10 04:05 PDT, Jason Nugent
Patch against OJS pkp-lib 2.3.8 (468 bytes, patch)
2012-10-10 16:06 PDT, Jason Nugent
Patch against OCS pkp-lib 2.3.5 (468 bytes, patch)
2012-10-11 03:54 PDT, Jason Nugent
Patch against OHS pkp-lib 2.3.2 (487 bytes, patch)
2012-10-11 03:54 PDT, Jason Nugent

Description Jason Nugent 2012-10-09 11:48:29 PDT
The login page 'source' parameter lacks HTML removal.
Comment 1 Jason Nugent 2012-10-10 04:00:04 PDT
strip html from source parameter
https://github.com/pkp/omp/commit/f59a2f01516c7308997353f095b7d8b01848913e
Comment 2 Jason Nugent 2012-10-10 04:00:04 PDT
strip html from source parameter
https://github.com/pkp/pkp-lib/commit/a88fa9f045c6319111381305399044a5338a225c
Comment 3 Jason Nugent 2012-10-10 04:05:02 PDT
strip html from source parameter
https://github.com/pkp/omp/commit/da7f64ee71f3be71882b777a553e36e990df5744
Comment 4 Jason Nugent 2012-10-10 04:05:11 PDT
Created attachment 3871
Patch against OMP 1.0b
Comment 5 Jason Nugent 2012-10-10 04:05:39 PDT
Created attachment 3872
Patch against OJS pkp-lib 2.4.1
Comment 6 Michael Felczak 2012-10-10 15:36:47 PDT
Hi Jason, a couple of suggestions for the patches here:
- It will help users if we label them as applicable to lib-pkp
- Additional patch/recommended patch listing for OJS 2.3.8
Comment 7 Jason Nugent 2012-10-10 16:05:02 PDT
strip html from source parameter
https://github.com/pkp/pkp-lib/commit/f203912651eff2f08c22243209dd30c73c97a002
Comment 8 Jason Nugent 2012-10-10 16:06:08 PDT
Created attachment 3873
Patch against OJS pkp-lib 2.3.8
Comment 9 Jason Nugent 2012-10-10 16:06:51 PDT
Thanks, Michael.  I've also started a new recommended patches page for OJS 2.3.8 with this patch.
Comment 10 Michael Felczak 2012-10-10 16:26:29 PDT
We'll likely also need fixes for ocs-stable and ohs-stable ...
Comment 11 Jason Nugent 2012-10-11 03:54:08 PDT
Created attachment 3874
Patch against OCS pkp-lib 2.3.5
Comment 12 Jason Nugent 2012-10-11 03:54:34 PDT
Created attachment 3875
Patch against OHS pkp-lib 2.3.2
Comment 13 Jason Nugent 2012-10-11 03:55:03 PDT
strip html from source parameter
https://github.com/pkp/pkp-lib/commit/ae68891b3c31f0d0342f2c890d83436eee8cd866