XSS Security issue on Launchpad
Bug #204617 reported by Emanuele Gentili
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Launchpad itself | Fix Released | Medium | Celso Providelo |
Bug Description
Launchpad has a security issue in the PPA Delete Packages comment.
https:/
The problem is in "Deletion comment", because it accepts and executes the "<" and ">" characters.
It's possible to solve it with a simple PHP control using str_replace:
$up1 = array ("<" , ">");
and then substitute %{VAR} in the submitted string.
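The report proposes stripping "<" and ">" from the submitted comment. As an added example (not part of the original report and not Launchpad's actual fix), the Python sketch below compares that stripping approach with HTML-encoding the stored comment when it is rendered. The function names, the `deletion-comment` class and the sample comments are constructed for illustration.

```python
import html

# Hypothetical helper names; the sample comments below are constructed.


def strip_angle_brackets(comment: str) -> str:
    """The approach suggested in the report: drop "<" and ">" from the input."""
    return comment.replace("<", "").replace(">", "")


def escape_for_html(comment: str) -> str:
    """Encode at output time so the browser treats the comment as plain text.

    quote=True also encodes double and single quotes, which matters if the
    same value is ever placed inside an HTML attribute.
    """
    return html.escape(comment, quote=True)


def render_deletion_row(comment: str) -> str:
    """Build the HTML fragment that displays a stored deletion comment."""
    return '<td class="deletion-comment">' + escape_for_html(comment) + "</td>"


def round_trips(comment: str) -> bool:
    """True if the user sees exactly what was typed once the browser decodes it."""
    return html.unescape(escape_for_html(comment)) == comment


SAMPLES = [
    "<b>obsolete</b> build",              # markup typed into the comment field
    'superseded: 1.0 < 2.0 & "final"',    # legitimate text containing "<", "&", quotes
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("input    :", sample)
        print("stripped :", strip_angle_brackets(sample))   # data is altered
        print("rendered :", render_deletion_row(sample))    # data kept, shown as text
        print("lossless :", round_trips(sample))
        print()
```

Stripping changes what the user wrote and only addresses element content, while encoding at render time keeps the stored comment intact and displays it as text.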
Changed in launchpad: | |
importance: | Undecided → Medium |
status: | Confirmed → In Progress |
Changed in soyuz: | |
milestone: | none → 1.2.3 |
Changed in soyuz: | |
assignee: | nobody → cprov |
Changed in soyuz: | |
status: | Fix Committed → Fix Released |
visibility: | private → public |
RF 5945