[interchange-bugs] [Comment] Re: [rt.icdevgroup.org #306] XSS Exploit in demo -- UserDB.pm
David Christensen via RT
interchange-comment at rt.icdevgroup.org
Sun Feb 27 23:08:10 UTC 2011
http://rt.icdevgroup.org/Ticket/Display.html?id=306
This is a comment. It is not sent to the Requestor(s):
On Feb 27, 2011, at 2:04 PM, Gert van der Spoel via RT wrote:
>
> http://rt.icdevgroup.org/Ticket/Display.html?id=306
> This is a comment. It is not sent to the Requestor(s):
>
> The applied patch seems to have a difference, or was changed at a later stage, to:
> die errmsg("Username contains illegal characters.\n")
>
> notice the \n in the errmsg ... This does not go well with the locale file where you have 1 item per line, new lines are not working too good ...
>
> Suggest to change it to:
> die errmsg("Username contains illegal characters.") . "\n"
+1
Regards,
David
--
David Christensen
End Point Corporation
david at endpoint.com
More information about the interchange-bugs
mailing list