[MAGNOLIA-3191] The content of log files is not escaped before being rendered via log viewer Created: 05/May/10 Updated: 02/Apr/13 Resolved: 06/May/10 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | admininterface |
| Affects Version/s: | 4.1.4, 4.2.3, 4.3.1 |
| Fix Version/s: | 4.2.4, 4.1.6, 4.3.2 |
| Type: | Bug | Priority: | Critical |
| Reporter: | Jan Haderka | Assignee: | Jan Haderka |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Template: |
|
| Acceptance criteria: |
Empty
|
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
| Description |
|
Currently content of the log files is assumed to be safe. This assumption is incorrect as the log file might include messages from content entered by users in search form or other input fields on the site and therefore must be escaped. Workaround:
|