• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use
Item7848 for generic doc work for TWiki-6.1.1. Use Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
• Does this site look broken?. Use the LitterTray web for test cases.
• Use
Item7848 for generic doc work for TWiki-6.1.1. Use Item7851 for doc work on extensions that are not part of a release. More... Close • Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
• Does this site look broken?. Use the LitterTray web for test cases.
Item6137: %URLPARAM% in HTML input form fields need to be entity encoded
Item Form Data
| AppliesTo: | Component: | Priority: | CurrentState: | WaitingFor: | TargetRelease | ReleasedIn |
|---|---|---|---|---|---|---|
| Engine | Normal | Closed | n/a | 4.2.4, 5.0.0 |
Edit Form Data
Detail
A few XSS issues - a few topics needs %URLPARAM% to be used with proper syntax e.g. TWiki.ResetPassword, TWiki.WebSearch needs to be updated for handling URLPARAM encoding in a better way.
This is encoding issue on URL parameters.
Thanks to Marc Schoenefeld and Steve 'Ashcrow' Milner for raising this issue through emails.
Thanks Peter for figuring out the solution.
-- TWiki:Main/SopanShewale
- 01 Dec 2008
All HTML input field values that have a URLPARAM need to be entity escaped as documented in TWiki:TWiki.VarURLPARAM and TWiki:TWiki.VarENCODE.
Example:
- 01 Dec 2008
Closing this bug after release
-- TWiki:Main.SopanShewale - 11 Dec 2008
- 01 Dec 2008
All HTML input field values that have a URLPARAM need to be entity escaped as documented in TWiki:TWiki.VarURLPARAM and TWiki:TWiki.VarENCODE.
Example:
<input type="text" name="address" value="%URLPARAM{ "address" encode="entity" }%" />
-- TWiki:Main.PeterThoeny - 01 Dec 2008
Closing this bug after release
-- TWiki:Main.SopanShewale - 11 Dec 2008
| ItemTemplate | |
|---|---|
| Summary | %URLPARAM% in HTML input form fields need to be entity encoded |
| ReportedBy |
TWiki:Main.SopanShewale
|
| Codebase | 4.2.2 |
| SVN Range | TWiki-5.0.0, Wed, 22 Oct 2008, build 17677 |
| AppliesTo | Engine |
| Component | |
| Priority | Normal |
| CurrentState | Closed |
| WaitingFor | |
| Checkins |
TWikirev:17743 TWikirev:17744 TWikirev:17747 TWikirev:17748 TWikirev:17749 TWikirev:17750 TWikirev:17751 TWikirev:17752 TWikirev:17753 TWikirev:17754 TWikirev:17755 TWikirev:17756 TWikirev:17757 TWikirev:17758 TWikirev:17759 TWikirev:17760 TWikirev:17761 TWikirev:17762 TWikirev:17766 TWikirev:17767
|
| TargetRelease | n/a |
| ReleasedIn | 4.2.4, 5.0.0 |
Topic revision: r25 - 2008-12-11 - SopanShewale
Site map
Bugs web
Create New Report
Index
Search
Detailed Items Query
Changes
100
Notifications
RSS Feed
Statistics
Preferences
Bugs 
Items by urgency
My Reports
Recently Closed
Extensions
By Status 
Waiting for Feedback
Confirmed
Being Worked On
Waiting for Release
No Action Required
Lima 
Fixes for Rel.Notes
Create Feature Request
Account 
Copyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback