[jira] [Updated] (GUACAMOLE-1261) Inadequate input validation in user group names causes broken hyperlinks when forward slashes are included in user group name.

Mike Jumper (Jira) Mon, 11 Jan 2021 12:35:05 -0800


     [ 
https://issues.apache.org/jira/browse/GUACAMOLE-1261?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Mike Jumper updated GUACAMOLE-1261:
-----------------------------------
    Affects Version/s:     (was: 1.2.0)

> Inadequate input validation in user group names causes broken hyperlinks when 
> forward slashes are included in user group name.
> ------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: GUACAMOLE-1261
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1261
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole
>            Reporter: David McDonald
>            Priority: Minor
>
> When a forward slash in included in the name of a User Group, the hyperlink 
> that is supposed direct the user to the settings page for that User Group is 
> broken, redirecting the user to the main page. This is because the slash is 
> not properly escaped in the URL, leading to it's interpretation as part of 
> the path.
> Once this happens, the only way to delete/update that User Group is through 
> deleting/updating its entry in the MySQL/Postgresql database directly. 
> This is likely present in other areas of the website, such as users, 
> connections, etc. The most probable solution involves improving input 
> validation through, for example, disallowing the use of forward slashes in 
> names.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (GUACAMOLE-1261) Inadequate input validation in user group names causes broken hyperlinks when forward slashes are included in user group name.

Reply via email to