[interchange-bugs] [rt.icdevgroup.org #306] [Comment] XSS Exploit in demo -- UserDB.pm

David Christensen david at endpoint.com
Sun Feb 27 23:08:04 UTC 2011


On Feb 27, 2011, at 2:04 PM, Gert van der Spoel via RT wrote:

> 
> http://rt.icdevgroup.org/Ticket/Display.html?id=306
> This is a comment.  It is not sent to the Requestor(s):
> 
> The applied patch seems to have a difference, or was changed at a later stage, to: 
> die errmsg("Username contains illegal characters.\n")
> 
> notice the \n  in the errmsg ... This does not go well with the locale file where you have 1 item per line, new lines are not working too good ... 
> 
> Suggest to change it to:
> die errmsg("Username contains illegal characters.") . "\n"

+1

Regards,

David
--
David Christensen
End Point Corporation
david at endpoint.com







More information about the interchange-bugs mailing list