Bug #2068

Single and double quote characters escaped

Added by Davide Principi about 8 years ago. Updated almost 8 years ago.

Status: CLOSED
Start date: 08/22/2013
Priority: Normal
Due date: 08/22/2013
Assignee: -
% Done: 100%
Category: nethserver-httpd-admin
Target version: v6.4-beta2
Security class:
Resolution:
Affected version: v6.4-beta1
NEEDINFO: No

Description

In any form in server-manager UI:

  1. Type " (double quotes) or ' (single quote) into any text field
  2. Post the form

Each " is escaped by backslash => \". The same happens for '.


Related issues

Related to NethServer 6 - Bug #2094: RemoteAccess/HttpdAdmin UI module does not expand httpd-a... CLOSED 08/22/2013 08/22/2013
Related to NethServer 6 - Bug #2701: Visualization problems with accented letters CLOSED

Associated revisions

Revision af25b6d6
Added by Davide Principi almost 8 years ago

Framework (createRequestModApache): die if magic_quotes_gpc directive is enabled. Refs #2068

Revision dcfdd676
Added by Davide Principi almost 8 years ago

/etc/httpd/admin-conf/httpd.conf template: disable PHP magic_quotes_gpc flag. Refs #2068

History

#1 Updated by Davide Principi almost 8 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

#2 Updated by Davide Principi almost 8 years ago

  • Due date set to 08/22/2013
  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Davide Principi
  • Start date set to 08/22/2013
  • % Done changed from 20 to 30
  • Estimated time set to 2.00

Caused by magic_quotes_gpc directive, deprecated as of PHP 5.3.0, removed as of 5.4.0.

It must be disabled.

#3 Updated by Davide Principi almost 8 years ago

This is not a Nethgui problem. Disabling magic quotes is application-specific. Anyway an error must be displayed if magic quotes are enabled.

#4 Updated by Davide Principi almost 8 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

Test case

After upgrading to the modified version, the backslashes are no longer there

#5 Updated by Davide Principi almost 8 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing:
nethserver-nethgui-1.2.2-2.0gitaf25b6d6.ns6.noarch.rpm
nethserver-httpd-admin-1.0.4-3.0gitdcfdd676.ns6.noarch.rpm

Complete also QA for #2094

#6 Updated by Giacomo Sanchietti almost 8 years ago

  • Assignee set to Giacomo Sanchietti

#7 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 90

Before modification from web UI:

[root@test ~]# config show OrganizationContact 
OrganizationContact=configuration
    City=Ottawa
    Company=XYZ Corporation
    CountryCode=
    Department=Main
    PhoneNumber=555-5555
    State=
    Street=123 Main Street

After adding single quote on City field and double quotes on Street field:

[root@test ~]# config show OrganizationContact 
OrganizationContact=configuration
    City=Otta'w'a
    Company=XYZ Corporation
    CountryCode=
    Department=Main
    PhoneNumber=555-5555
    State=
    Street=123 Main "Street" 

PHP magic_quotes_gpc option is disabled for /usr/share/nethesis/nethserver-manager/ directory in /etc/httpd/admin-conf/httpd.conf.

Tested with packages:
  • nethserver-nethgui-1.2.2-2.0gitaf25b6d6.ns6.noarch
  • nethserver-httpd-admin-1.0.4-7.0git9c9f9aa3.ns6.noarch

Marking as VERIFIED.

#8 Updated by Davide Principi almost 8 years ago

Packager note:
Blocked by #2103 #2075, ON_QA

#9 Updated by Davide Principi almost 8 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

In nethserver-updates:
nethserver-base-1.4.1-1.ns6.noarch.rpm
nethserver-httpd-admin-1.0.5-1.ns6.noarch.rpm
nethserver-firewall-base-1.0.5-1.ns6.noarch.rpm
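
The check from comment #7, as an added example (not NethServer or Nethgui code): it emulates the escaping magic_quotes_gpc applied to form input, reports whether an Apache config fragment turns the flag off, and lists stored props that still carry backslash-escaped quotes. The function names, the sample `php_flag` line and the last-directive-wins rule are assumptions made for the example.

```python
import re

# PHP's addslashes() table; magic_quotes_gpc applied it to every GET, POST
# and cookie value before the application saw the data.
_ESCAPES = {"\\": "\\\\", "'": "\\'", '"': '\\"', "\0": "\\0"}

# php_flag / php_admin_flag lines that set magic_quotes_gpc (comments never match).
_DIRECTIVE = re.compile(
    r"^\s*php_(?:admin_)?flag\s+magic_quotes_gpc\s+(\S+)", re.IGNORECASE)

def magic_quote(value):
    """Emulate what magic_quotes_gpc did to one request value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def magic_quotes_enabled(conf_text):
    """True/False from the last matching directive, None if never set
    (the php.ini value then applies). Last-wins is a simplification."""
    state = None
    for line in conf_text.splitlines():
        m = _DIRECTIVE.match(line)
        if m:
            state = m.group(1).lower() in ("on", "1")
    return state

def escaped_props(config_show_output):
    """Prop names in `config show` text whose value has a backslash-escaped quote."""
    hits = []
    for line in config_show_output.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and re.search(r"\\['\"]", value):
            hits.append(key)
    return hits

# Constructed samples: the php_flag line is assumed, and the record shows how
# the values typed in comment #7 would have been stored with magic quotes on.
SAMPLE_CONF = """\
<Directory /usr/share/nethesis/nethserver-manager/>
    php_flag magic_quotes_gpc off
</Directory>
"""
SAMPLE_RECORD = "OrganizationContact=configuration\n    City=%s\n    Street=%s\n" % (
    magic_quote("Otta'w'a"), magic_quote('123 Main "Street"'))

if __name__ == "__main__":
    print("magic_quotes_gpc enabled:", magic_quotes_enabled(SAMPLE_CONF))
    print("props with escaped quotes:", escaped_props(SAMPLE_RECORD))
```

Props flagged by `escaped_props` were most likely saved while magic quotes were still active and need to be re-entered or cleaned once the flag is off.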
