[interchange-bugs] [Comment] Re: [rt.icdevgroup.org #306] XSS Exploit in demo -- UserDB.pm

David Christensen via RT interchange-comment at rt.icdevgroup.org
Sun Feb 27 23:08:10 UTC 2011


http://rt.icdevgroup.org/Ticket/Display.html?id=306
This is a comment.  It is not sent to the Requestor(s):


On Feb 27, 2011, at 2:04 PM, Gert van der Spoel via RT wrote:

> 
> http://rt.icdevgroup.org/Ticket/Display.html?id=306
> This is a comment.  It is not sent to the Requestor(s):
> 
> The applied patch seems to have a difference, or was changed at a later stage, to: 
> die errmsg("Username contains illegal characters.\n")
> 
> notice the \n  in the errmsg ... This does not go well with the locale file where you have 1 item per line, new lines are not working too good ... 
> 
> Suggest to change it to:
> die errmsg("Username contains illegal characters.") . "\n"

+1

Regards,

David
--
David Christensen
End Point Corporation
david at endpoint.com









More information about the interchange-bugs mailing list