#5696 - Improper filtering of either_param_string

By PDStig
Added 13th Apr 2024, 10:25 PM
2 views

Identifier	#5696
Issue type	Minor issue (breaks specific functionality)
Title	Improper filtering of either_param_string
Status	Completed
Handling member	PDStig
Version	11 alpha1
Addon	core
Description	either_param_string would trigger a hack attack if a POST parameter contained advanced text (such as Comcode) because it would always use GET filtering. Fix the function so it will use POST filtering if the requested parameter is actually POSTed.
Steps to reproduce
Funded?	No
Commits	Fixed MANTIS-5696 (Improper filtering of either_param_string) (5b7f89cc) · Commits · Composr ecosystem / Composr · GitLab

The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".

Rating

Unrated

Comments

By Guest posted 13th Apr 2024, 10:25 PM

A hotfix (a TAR of files to upload) has been uploaded to this issue. These files are made to the latest intra-version state (i.e. may roll in earlier fixes too if made to the same files) - so only upload files newer than what you have already. If there are files in a hot-fix that you don't have then they probably relate to addons that you don't have installed and should be skipped. Always take backups of files you are replacing or keep a copy of the manual installer for your version, and only apply fixes you need. These hotfixes are not necessarily reliable or well supported. Not sure how to extract TAR files to your Windows computer? Try 7-zip (http://www.7-zip.org/).

#5696 - Improper filtering of either_param_string

Rating

Comments

Statistics