David McDonald created GUACAMOLE-1261:
-----------------------------------------

             Summary: Inadequate input validation in user group names causes 
broken hyperlinks when forward slashes are included in user group name.
                 Key: GUACAMOLE-1261
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1261
             Project: Guacamole
          Issue Type: Bug
          Components: Website
    Affects Versions: 1.2.0
            Reporter: David McDonald


When a forward slash is included in the name of a User Group, the hyperlink 
that is supposed to direct the user to the settings page for that User Group is 
broken, redirecting the user to the main page. This is because the slash is not 
properly escaped in the URL, leading to its interpretation as part of the path.

Once this happens, the only way to delete/update that User Group is through 
deleting/updating its entry in the MySQL/PostgreSQL database directly. 

This is likely present in other areas of the website, such as users, 
connections, etc. The most probable solution involves improving input 
validation through, for example, disallowing the use of forward slashes in 
names.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
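
The failure described in the report above, as an added example that is not part of the original message and not Guacamole's own code: a link built by plain concatenation gains an extra path segment when the name contains a slash, while percent-encoding the name keeps it in one segment. The route pattern, function names and sample values are hypothetical.

```javascript
// Added illustration. ROUTE, the function names and the sample group names
// are hypothetical; this is not code from the Guacamole project.
const ROUTE = ['manage', ':dataSource', 'userGroups', ':id'];

// Match a path against ROUTE segment by segment. Returns the decoded
// parameters, or null when the path does not fit the pattern.
function matchRoute(path) {
    const segments = path.split('/').filter((s) => s.length > 0);
    if (segments.length !== ROUTE.length) return null;
    const params = {};
    for (let i = 0; i < ROUTE.length; i++) {
        if (ROUTE[i].startsWith(':')) {
            try {
                params[ROUTE[i].slice(1)] = decodeURIComponent(segments[i]);
            } catch (e) {
                return null; // malformed percent-escape in the segment
            }
        } else if (ROUTE[i] !== segments[i]) {
            return null;
        }
    }
    return params;
}

// Link built by concatenation: a "/" in the name becomes a path separator.
function unsafeLink(dataSource, groupName) {
    return '/manage/' + dataSource + '/userGroups/' + groupName;
}

// Link with each dynamic segment percent-encoded ("/" becomes "%2F").
function safeLink(dataSource, groupName) {
    return '/manage/' + encodeURIComponent(dataSource) +
           '/userGroups/' + encodeURIComponent(groupName);
}

// Stand-in for the router: unmatched paths fall back to the main page.
function resolve(link) {
    const params = matchRoute(link);
    return params ? 'settings:' + params.id : 'home';
}

console.log(resolve(unsafeLink('mysql', 'ops/admins'))); // falls back to home
console.log(resolve(safeLink('mysql', 'ops/admins')));   // reaches settings
```

If the encoded name is carried in the request path rather than the URL fragment, confirm that the servlet container and any reverse proxy pass `%2F` through unchanged, since some reject or decode it.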
