Opened 16 years ago

Closed 16 years ago

#68 closed defect (duplicate)

Malformed user name input not blocked by preferences template

Reported by: Earle Martin Owned by: Dominic Hargreaves
Priority: normal Milestone:
Component: openguides Version: svn
Severity: normal Keywords: templates cgi
Cc:

Description

If you put something like

<a href="http://example.com/">Foo</a>

into the preferences page as your username, the edit form gets broken. (See attachment.) The username should be unescaped or some such before being set in the preferences cookie.

Attachments (1)

broken_edit_form.png (11.9 KB) - added by Earle Martin 16 years ago.
Screenshot of broken edit form.

Download all attachments as: .zip

Change History (2)

Changed 16 years ago by Earle Martin

Attachment: broken_edit_form.png added

Screenshot of broken edit form.

comment:1 Changed 16 years ago by Dominic Hargreaves

Resolution: duplicate
Status: newclosed
Note: See TracTickets for help on using tickets.