View Issue Details

IDProjectCategoryView StatusLast Update
5696Composrcorepublic2024-04-14 02:25
ReporterPDStig Assigned ToPDStig  
PriorityhighSeverityminor 
Status resolvedResolutionfixed 
Product Version11.alpha1 
Summary5696: Improper filtering of either_param_string
Descriptioneither_param_string would trigger a hack attack if a POST parameter contained advanced text (such as Comcode) because it would always use GET filtering.

Fix the function so it will use POST filtering if the requested parameter is actually POSTed.
TagsNo tags attached.
Attach Tags
Attached Files
Time estimation (hours)
Sponsorship open

Sponsor

Date Added Member Amount Sponsored

Activities

admin

2024-04-14 02:25

administrator   ~8585

Fixed in Git commit 5b7f89ccf0 (https://gitlab.com/composr-foundation/composr/commit/5b7f89ccf0 - link will become active once code pushed to GitLab)

admin

2024-04-14 02:25

administrator   ~8586

A hotfix (a TAR of files to upload) has been uploaded to this issue. These files are made to the latest intra-version state (i.e. may roll in earlier fixes too if made to the same files) - so only upload files newer than what you have already. If there are files in a hot-fix that you don't have then they probably relate to addons that you don't have installed and should be skipped. Always take backups of files you are replacing or keep a copy of the manual installer for your version, and only apply fixes you need. These hotfixes are not necessarily reliable or well supported. Not sure how to extract TAR files to your Windows computer? Try 7-zip (http://www.7-zip.org/).

Issue History

Date Modified Username Field Change