Kit::ValidateParam fails on passwords containing ampersands
Bug #587947 reported by
Micah Tomblin
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Xibo |
Fix Released
|
Low
|
Alex Harrington | ||
Bug Description
It appears that we're currently running htmlentities() on _PASSWORD types in Kit::ValidatePa
Related branches
lp:~alexharrington/xibo/587947
(Merged)
Revision history for this message
| Alex Harrington (alexharrington) wrote | #1 |
Revision history for this message
| Dan Garner (dangarner) wrote Re: [Bug 587947] Re: Kit::ValidateParam fails on passwords containing ampersands | #2 |
Revision history for this message
| Alex Harrington (alexharrington) wrote | #3 |
| Changed in xibo: | |
| importance: | Undecided → Low |
| status: | New → Confirmed |
| milestone: | none → 1.2.0 |
| milestone: | 1.2.0 → 1.2.0-rc1 |
| Changed in xibo: | |
| assignee: | nobody → Alex Harrington (alexharrington) |
| Changed in xibo: | |
| status: | Confirmed → Fix Committed |
| Changed in xibo: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Perhaps need to move to just using sprintf combined with mysql_real_
Presumably $db->escape_
I've taken a quick look through the installer/upgrader code and I don't think it would care if that happened.
A