[interchange-bugs] [rt.icdevgroup.org #306] [Comment] XSS Exploit in demo -- UserDB.pm
David Christensen
david at endpoint.com
Sun Feb 27 23:08:04 UTC 2011
On Feb 27, 2011, at 2:04 PM, Gert van der Spoel via RT wrote:
>
> http://rt.icdevgroup.org/Ticket/Display.html?id=306
> This is a comment. It is not sent to the Requestor(s):
>
> The applied patch seems to have a difference, or was changed at a later stage, to:
> die errmsg("Username contains illegal characters.\n")
>
> notice the \n in the errmsg ... This does not go well with the locale file where you have 1 item per line, new lines are not working too good ...
>
> Suggest to change it to:
> die errmsg("Username contains illegal characters.") . "\n"
+1
Regards,
David
--
David Christensen
End Point Corporation
david at endpoint.com
More information about the interchange-bugs
mailing list