View Issue Details [ Jump to Notes ] | [ Print ] |
ID | Project | Category | View Status | Date Submitted | Last Update |
0012341 | CDash | | public | 2011-07-14 23:14 | 2011-12-23 08:26 |
|
Reporter | Emmanuel Christophe | |
Assigned To | Julien Jomier | |
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | resolved | Resolution | fixed | |
Platform | | OS | | OS Version | |
Product Version | | |
Target Version | | Fixed in Version | 2.0 | |
|
Summary | 0012341: Test names not escaped |
Description | Tests names are not escaped for "<" and ">" leading to this error:
Warning: DOMDocument::loadXML() [domdocument.loadxml]: StartTag: invalid element name in Entity, line: 17 in /var/www/Dashboard/cdash/common.php on line 42
There might be a potential for injection attacks.
(with cdash 1.8.2) |
Steps To Reproduce | Submit a test with a name such as:
test<->1234 |
Tags | No tags attached. |
|
Attached Files | |
|