html "injection" in sql input
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
chive | Fix Released | Undecided | David Roth | |
Bug Description
Certain queries can "mess up" the page layout
Example query:
UPDATE `page_text` SET `text`='<HTML>
<BODY>
<H1 align=\
<IMG src=\"Interface
<P align=\
<IMG src=\"Interface
<P align=\
<IMG src=\"Interface
<P align=\
<IMG src=\"Interface
<P align=\
<IMG src=\"Interface
<P align=\
</BODY>
</HTML>' WHERE `entry`=2855;
Attached (3) screenshots (in SQL page, after clicking Execute, after clicking Execute a 2nd time)
Using Chive 1.0.3
Using Google Chrome 20.0.1132.17 beta-m
Changed in chive:
status: Fix Committed → Fix Released
This has been resolved in the 1.1 series and will be available in chive 1.1 soon.