Changing packet display type shows error message

Brought to you by: secureideas, sinukas

#226 Changing packet display type shows error message

Milestone: BASE

Status: open

Owner: Randal Rioux

Labels: Interface (166)

Priority: 7

Updated: 2009-11-20

Created: 2009-10-07

Creator: Anonymous

Private: No

When changing the packet display type (Normal Display or Plain Display), and error is shown with version 1.4.4:

invalid (sid,cid) pair (,)

Clicking [Back] shows the correct display.

Discussion

Randal Rioux - 2009-11-20

assigned_to: nobody --> rrioux

priority: 5 --> 7
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Juergen Leising - 2009-11-20

Hello,

this problem has been introduced by

http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/base_qry_alert.php?r1=1.61&r2=1.62

You can fix it by removing urlencode() when its argument is $query.

However, this reverts the fix for some of those XSS flaws.

Bye, bye

Juergen

If you would like to refer to this comment somewhere else in this project, copy and paste the following link: