Thank you for taking the time to report this bug and helping to make Ubuntu better.
The url_encode calls were added in 3.0.2 to fix XSS security issues, however the implementation was buggy, as you saw. It was later fixed in 3.0.4 by using a new "escape_string" function. We need to pull that one (from cgi/cgiutils.c) to properly fix this bug, together with all the CGIs modified to take advantage of it. I am closing this bug because it has been fixed in the latest development version of Ubuntu - the Jaunty Jackalope. If you need a fix for the bug for 8.10, please do steps 1 and 2 of the SRU Procedure [1] to bring the need to a developer's attention. [1]: https://wiki.ubuntu.com/StableReleaseUpdates#Procedure ** Changed in: nagios3 (Ubuntu) Status: New => Fix Released -- several reports will not allow submitting parameters https://bugs.launchpad.net/bugs/322952 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nagios3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
