html "injection" in sql input

Bug #1006168 reported by Dud Dod
This bug affects 1 person
Affects   Status         Importance   Assigned to   Milestone
chive     Fix Released   Undecided    David Roth

Bug Description

Certain queries can "mess up" the page layout

Example query:
    UPDATE `page_text` SET `text`='<HTML>
    <BODY>
    <H1 align=\"center\">ENLISTED RANKS OF THE HORDE</H1><BR/>
    <IMG src=\"Interface\PvPRankBadges\PvPRank05\" align=\"left\"/><BR/>
    <P align=\"right\">First Sergeant</P><BR/><BR/>
    <IMG src=\"Interface\PvPRankBadges\PvPRank04\" align=\"left\"/><BR/>
    <P align=\"right\">Senior Sergeant</P><BR/><BR/>
    <IMG src=\"Interface\PvPRankBadges\PvPRank03\" align=\"left\"/><BR/>
    <P align=\"right\">Sergeant</P><BR/><BR/>
    <IMG src=\"Interface\PvPRankBadges\PvPRank02\" align=\"left\"/><BR/>
    <P align=\"right\">Grunt</P><BR/><BR/>
    <IMG src=\"Interface\PvPRankBadges\PvPRank01\" align=\"left\"/><BR/>
    <P align=\"right\">Scout</P><BR/><BR/>
    </BODY>
    </HTML>' WHERE `entry`=2855;

Attached 3 screenshots (SQL page; after clicking Execute; after clicking Execute a 2nd time)

Using Chive 1.0.3
Using Google Chrome 20.0.1132.17 beta-m
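The report boils down to one output-encoding defect: text that the user typed into the SQL editor is echoed back into the result page without HTML encoding, so markup inside a string literal is parsed by the browser and rearranges the page. The following is an added illustration, not Chive's code and not the fix David Roth shipped in 1.1; it assumes a hypothetical `<pre class="sql">` wrapper around the echoed query and uses a shortened, constructed version of the reporter's query as input. It shows the defective pattern beside the hardened one and a check that counts which tags in the rendered fragment came from user input.

```python
import html
import re

# Constructed sample input: a shortened form of the query in the report; the
# backslash-escaped quotes are how the SQL string literal carries them.
SAMPLE_QUERY = (
    "UPDATE `page_text` SET `text`='<HTML><BODY>"
    '<H1 align=\\"center\\">ENLISTED RANKS OF THE HORDE</H1>'
    "</BODY></HTML>' WHERE `entry`=2855;"
)

# Hypothetical wrapper the page puts around the echoed query (assumption).
WRAPPER_OPEN = '<pre class="sql">'
WRAPPER_CLOSE = "</pre>"


def render_unescaped(query: str) -> str:
    # Defective pattern: the query string is dropped straight into the page,
    # so markup inside the SQL literal becomes live page markup.
    return f"{WRAPPER_OPEN}{query}{WRAPPER_CLOSE}"


def render_escaped(query: str) -> str:
    # Hardened pattern: encode <, >, &, " and ' before the text enters the page.
    # The browser then shows the characters literally instead of parsing them.
    return f"{WRAPPER_OPEN}{html.escape(query, quote=True)}{WRAPPER_CLOSE}"


TAG_RE = re.compile(r"<\s*/?\s*[A-Za-z][^>]*>")


def foreign_tags(page: str) -> list[str]:
    # Every tag in the rendered fragment that is not our own wrapper. Anything
    # listed here came from user-controlled input and would be parsed as HTML.
    return [t for t in TAG_RE.findall(page) if t not in (WRAPPER_OPEN, WRAPPER_CLOSE)]


def recovered_text(page: str) -> str:
    # What the reader sees once the browser decodes the entities: the escaped
    # rendering must round-trip back to exactly the query that was submitted.
    inner = page[len(WRAPPER_OPEN):-len(WRAPPER_CLOSE)]
    return html.unescape(inner)


if __name__ == "__main__":
    print("tags leaked by the unescaped render:", foreign_tags(render_unescaped(SAMPLE_QUERY)))
    print("tags leaked by the escaped render:  ", foreign_tags(render_escaped(SAMPLE_QUERY)))
    print("round-trip intact:", recovered_text(render_escaped(SAMPLE_QUERY)) == SAMPLE_QUERY)
```

The `foreign_tags` check is the kind of assertion worth keeping in a test suite for any page that echoes user input: after encoding, the only tags in the fragment should be the template's own, and `recovered_text` confirms the encoding loses nothing the user typed.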

Revision history for this message
Dud Dod (dnpd-dd) wrote :
description: updated
David Roth (davrot) wrote :

This has been resolved in the 1.1 series and will be available in chive 1.1 soon.

Changed in chive:
assignee: nobody → David Roth (davrot)
milestone: none → 1.1
status: New → Fix Committed
David Roth (davrot)
Changed in chive:
status: Fix Committed → Fix Released