XSS Security issue on Launchpad

Bug #204617 reported by Emanuele Gentili
Affects: Launchpad itself
Status: Fix Released
Importance: Medium
Assigned to: Celso Providelo

Bug Description

Launchpad has a security issue in the PPA Delete Packages comment.

https://edge.launchpad.net/~emgent/+archive/+delete-packages

The problem is in "Deletion comment", because it accepts and executes the characters "<" and ">".

It's possible to solve it with a simple PHP check using str_replace:

           // Characters to remove from the submitted deletion comment
           $up1 = array("<", ">");
           $patch_deletion_comment_description = str_replace($up1, "", $delete_comment_description);

and then substitute %{VAR} in the submit string.
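As an added example (not the reporter's code and not Launchpad's own fix), the character-stripping approach proposed above beside context-aware output escaping, written in Python because Launchpad itself is a Python application; the sample comments are constructed.

```python
import html
import re

# Constructed sample deletion comments (not real Launchpad data).
SAMPLE_COMMENTS = [
    "Superseded by <newer> upload",
    'Removed "broken" build & cleaned up',
]

# A raw '&' that does not start one of the entities html.escape() emits.
_RAW_AMP = re.compile(r"&(?!(?:amp|lt|gt|quot|#x27);)")


def strip_angle_brackets(comment: str) -> str:
    """The report's proposed fix, mirroring the posted str_replace() call.

    It rewrites the stored text and leaves quotes and ampersands alone, so it
    only helps where the comment is later rendered as plain element text.
    """
    return comment.replace("<", "").replace(">", "")

def escape_for_html(comment: str) -> str:
    """Encode at render time instead of mutating the stored comment.

    html.escape(quote=True) also encodes both quote characters, so one value
    is safe as element text and inside a quoted attribute, and the reader
    still sees exactly what was typed.
    """
    return html.escape(comment, quote=True)

def is_inert(rendered: str) -> bool:
    """True when no HTML-significant character survives unencoded."""
    return not (set(rendered) & set("<>\"'")) and not _RAW_AMP.search(rendered)

def render_comment_cell(comment: str) -> str:
    """Emit the comment as table-cell text and as a title attribute."""
    safe = escape_for_html(comment)
    return f'<td title="{safe}">{safe}</td>'

def compare(comment: str) -> dict:
    """Side-by-side outcome of the two approaches for one comment."""
    stripped, escaped = strip_angle_brackets(comment), escape_for_html(comment)
    return {
        "stripped": stripped,
        "stripped_inert": is_inert(stripped),
        "escaped": escaped,
        "escaped_inert": is_inert(escaped),
        "round_trips": html.unescape(escaped) == comment,
    }
```

Running compare() over both samples shows the stripping fix is lossy on the first comment and leaves the second one's quotes and ampersand untouched, while escaping neutralises both and preserves the original text.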

Revision history for this message
Emanuele Gentili (emgent) wrote:
Changed in launchpad:
status: New → Confirmed
Celso Providelo (cprov)
Changed in launchpad:
importance: Undecided → Medium
status: Confirmed → In Progress
Changed in soyuz:
milestone: none → 1.2.3
Celso Providelo (cprov)
Changed in soyuz:
assignee: nobody → cprov
Revision history for this message
Celso Providelo (cprov) wrote:

RF 5945

Changed in soyuz:
status: In Progress → Fix Committed
Celso Providelo (cprov)
Changed in soyuz:
status: Fix Committed → Fix Released
Curtis Hovey (sinzui)
visibility: private → public
This report contains Public Security information  
Everyone can see this security related information.
