#5779: api.cakephp.org search input not properly escaped
-----------------------------+----------------------------------------------
    Reporter:  davidpersson  |         Type:  Bug
      Status:  new           |     Priority:  High
   Milestone:                |    Component:  Documentation
     Version:                |     Severity:  Critical
    Keywords:                |  Php_version:  n/a
Cake_version:                |
-----------------------------+----------------------------------------------
 When using the search input field, double quotes are not being escaped. This
 allows for arbitrary inclusion of HTML and JS.
 [[BR]] [[BR]]
 '''Input''' [[BR]]
 {{{" <img src="http://www.cakephp.org/img/cake-logo.png" />}}}
 '''Link''' [[BR]]
 {{{http://api.cakephp.org/search.php?query="+<img+src%3D"http%3A%2F%2Fwww.cakephp.org%2Fimg%2Fcake-logo.png"+%2F>}}}
 '''Input''' [[BR]]
 {{{" <script type="text/javascript">alert('Oh no');</script>}}} [[BR]] [[BR]]
 '''Link''' [[BR]]
 {{{http://api.cakephp.org/search.php?query=%22+%3Cscript+type%3D%22text%2Fjavascript%22%3Ealert(%27Oh+no%27)%3B%3C%2Fscript%3E}}} [[BR]] [[BR]]
 This seems to be a doxygen bug which hasn't (as far as I can see) been
 reported yet.

--
Ticket URL: <https://trac.cakephp.org/ticket/5779>
CakePHP : The Rapid Development Framework for PHP <https://trac.cakephp.org/>
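As an added illustration (not code from the ticket, doxygen or CakePHP): a search form that echoes the query back into its value attribute, first with the unescaped interpolation the report describes and then with attribute-context escaping, checked against the first input from the ticket. Function names are assumptions.

```php
<?php
// Added example, not code from doxygen or CakePHP. Function names are
// assumptions; the $query value is the first input quoted in the ticket.

// Vulnerable pattern: the raw query is interpolated into the value="..."
// attribute. The leading double quote in the input closes the attribute,
// so everything after it is parsed by the browser as live markup.
function renderSearchFormUnsafe(string $query): string
{
    return '<input type="text" name="query" value="' . $query . '" />';
}

// Hardened pattern: escape for HTML attribute context. ENT_QUOTES turns
// both quote characters into entities (&quot; / &#039;), so the attribute
// cannot be closed early; '<' and '>' become &lt; and &gt; as well.
function renderSearchFormSafe(string $query): string
{
    $escaped = htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="query" value="' . $escaped . '" />';
}

// Check usable in a unit test or code review: the text between value=" and
// the closing " /> must contain no raw double quote or '<', meaning the user
// input stayed inside the attribute as inert text.
function attributeIsInert(string $rendered): bool
{
    if (!preg_match('/value="(.*)" \/>$/s', $rendered, $m)) {
        return false;
    }
    return strpos($m[1], '"') === false && strpos($m[1], '<') === false;
}

$query = '" <img src="http://www.cakephp.org/img/cake-logo.png" />';

echo renderSearchFormUnsafe($query), PHP_EOL;
var_dump(attributeIsInert(renderSearchFormUnsafe($query)));

echo renderSearchFormSafe($query), PHP_EOL;
var_dump(attributeIsInert(renderSearchFormSafe($query)));
```

The same check applies to the second input from the ticket: once escaped, the `<script>` element is rendered as text inside the attribute rather than executed.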