Bug #2068
Single and double quotes characters escaped
Status: | CLOSED | Start date: | 08/22/2013 | |
---|---|---|---|---|
Priority: | Normal | Due date: | 08/22/2013 | |
Assignee: | - | % Done: | 100% | |
Category: | nethserver-httpd-admin | |||
Target version: | v6.4-beta2 | |||
Security class: | Resolution: | |||
Affected version: | v6.4-beta1 | NEEDINFO: | No |
Description
In any form in server-manager UI:
- Type
"
(double quotes) or'
(single quote) into any text field - Post the form
Each "
is escaped by backslash => \"
. The same happens for '
.
Related issues
Associated revisions
Framework (createRequestModApache): die if magic_quotes_gpc directive is enabled. Refs #2068
/etc/httpd/admin-conf/httpd.conf template: disable PHP magic_quotes_gpc flag. Refs #2068
History
#1 Updated by Davide Principi almost 8 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#2 Updated by Davide Principi almost 8 years ago
- Due date set to 08/22/2013
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- Start date set to 08/22/2013
- % Done changed from 20 to 30
- Estimated time set to 2.00
Caused by magic_quotes_gpc directive, deprecated as of PHP 5.3.0, removed as of 5.4.0.
It must be disabled.
#3 Updated by Davide Principi almost 8 years ago
This is not a Nethgui problem. Disabling magic quotes is application-specific. Anyway an error must be displayed if magic quotes are enabled.
#4 Updated by Davide Principi almost 8 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 30 to 60
Test case
After upgrading to modified version the backslashes are no more there
#5 Updated by Davide Principi almost 8 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:
nethserver-nethgui-1.2.2-2.0gitaf25b6d6.ns6.noarch.rpm
nethserver-httpd-admin-1.0.4-3.0gitdcfdd676.ns6.noarch.rpm
Complete also QA for #2094
#6 Updated by Giacomo Sanchietti almost 8 years ago
- Assignee set to Giacomo Sanchietti
#7 Updated by Giacomo Sanchietti almost 8 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 70 to 90
Before modification from web UI:
[root@test ~]# config show OrganizationContact OrganizationContact=configuration City=Ottawa Company=XYZ Corporation CountryCode= Department=Main PhoneNumber=555-5555 State= Street=123 Main Street
After adding single quote on City field and double quotes on Street field:
[root@test ~]# config show OrganizationContact OrganizationContact=configuration City=Otta'w'a Company=XYZ Corporation CountryCode= Department=Main PhoneNumber=555-5555 State= Street=123 Main "Street"
PHP magic_quotes_gpc option is disabled for /usr/share/nethesis/nethserver-manager/
directory in /etc/httpd/admin-conf/httpd.conf
-
- nethserver-nethgui-1.2.2-2.0gitaf25b6d6.ns6.noarch
- nethserver-httpd-admin-1.0.4-7.0git9c9f9aa3.ns6.noarch
Marking as VERIFIED.
#8 Updated by Davide Principi almost 8 years ago
#9 Updated by Davide Principi almost 8 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:
nethserver-base-1.4.1-1.ns6.noarch.rpm
nethserver-httpd-admin-1.0.5-1.ns6.noarch.rpm
nethserver-firewall-base-1.0.5-1.ns6.noarch.rpm