Menu

#2543 (ok 2.11.2)Browse Foreign Values - Return Values Not Escaped

2.11.1
fixed
Marc Delisle
Interface (555)
1
2013-06-11
2007-10-01
Alex Rambau
No

When using the "browse foreign values" functionality of the application, incorrect return values are specified in the selection lists. For instance, the value (an Active Directory username) 'domain\bjones' is returned as 'domainjones'. Return values are not escaped.

Discussion

  • Alex Rambau

    Alex Rambau - 2007-10-01

    Logged In: YES
    user_id=1819775
    Originator: YES

    Lines 250 and 258 of browse_foreigners.php seem to be the issue. Adding function call to addslashes before htmlspecialchars seems to do the trick.

     

  • Alex Rambau

    Alex Rambau - 2007-10-02

    Patch against revision 10684

     
    browse_foreigners.diff

  • Alex Rambau

    Alex Rambau - 2007-10-02

    Logged In: YES
    user_id=1819775
    Originator: YES

    File Added: browse_foreigners.diff

     

  • Marc Delisle

    Marc Delisle - 2007-10-02
    • assigned_to: nobody --> lem9
     

  • Marc Delisle

    Marc Delisle - 2007-10-02

    Logged In: YES
    user_id=210714
    Originator: NO

    Fixed, thanks for the patch.

     

  • Marc Delisle

    Marc Delisle - 2007-10-02
    • priority: 5 --> 1
    • summary: Browse Foreign Values - Return Values Not Escaped --> (ok 2.11.2)Browse Foreign Values - Return Values Not Escaped
    • status: open --> open-fixed
     

  • Marc Delisle

    Marc Delisle - 2007-10-27
    • status: open-fixed --> closed-fixed
     

  • Michal Čihař

    Michal Čihař - 2013-06-11
    • Status: closed-fixed --> fixed