MantisBT

View Issue Details

ID: 0007051
Project: mantisbt
Category: bugtracker
View Status: public
Date Submitted: 2006-05-08 07:40
Last Update: 2007-05-08 03:43
Reporter: polzin
Assigned To: thraxisp
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 1.0.3
Target Version:
Fixed in Version: 1.0.4
Summary: 0007051: Fix for 0006869 / 0007034 removes quoted "?" from arguments

Description:
The fix for 0006869 / 0007034 (in cvs) removes quoted "?" from arguments with the lines

function string_sanitize_url( $p_url ) {
    [...]
    $t_url = strip_tags( urldecode( $p_url ) );
    [...]
    $t_param = str_replace( '?','', $t_param );

Is there some security reason for this? I have not found a code break in a release version, but it breaks my patch in 0005432. This produces urls like:

set_project.php?project_id=7&make_default=no&ref=bug_view_page.php%3Fbug_id%3D4230


after string_sanitize_url this is transformed to

set_project.php?project_id=7&make_default=no&ref=bug_view_page.phpbug_id%3D4230


Note that the "%3f" for ? has been removed and the new url is invalid.

If there is no security reason for it, I would suggest removing the "$t_param = str_replace( '?','', $t_param );" line.
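Added example (not MantisBT's own code): sanitize_broken() is a simplified reconstruction of the decode-then-strip behaviour the report describes, which turns the ref value into the truncated form quoted above; sanitize_fixed() decodes each query value separately and re-encodes on output, so the inner "?" comes back out as "%3F". The shape of the original helper and the rejection of targets carrying a scheme or host are assumptions, not code from the tracker.

```php
<?php
// Added example, not MantisBT's own code. Shows why decoding the whole URL
// before stripping '?' destroys an encoded "%3F" inside a parameter value,
// and one way to rebuild the URL so that inner '?' survives as "%3F".

// Simplified reconstruction of the decode-then-strip behaviour the report
// describes (assumed shape; the real helper is only excerpted on the page).
function sanitize_broken(string $url): string {
    $url = strip_tags(urldecode($url));            // "%3F" is now a literal '?'
    [$path, $query] = array_pad(explode('?', $url, 2), 2, '');
    $params = [];
    foreach (explode('&', $query) as $param) {
        if ($param === '') {
            continue;
        }
        [$key, $value] = array_pad(explode('=', $param, 2), 2, '');
        $value = str_replace('?', '', $value);     // also eats the '?' from the value
        $params[] = urlencode($key) . '=' . urlencode($value);
    }
    return $params ? $path . '?' . implode('&', $params) : $path;
}

// Corrected variant: decode each value on its own, then re-encode on output,
// so a '?' that belongs to a value is emitted as "%3F" and the URL stays valid.
function sanitize_fixed(string $url): string {
    $parts = parse_url($url);
    // Assumption: only same-site relative targets are acceptable redirect URLs.
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return '';
    }
    $path   = strip_tags($parts['path'] ?? '');
    $params = [];
    if (isset($parts['query'])) {
        parse_str($parts['query'], $params);      // one urldecode per key and value
    }
    // Mirror the original helper's strip_tags on every decoded value.
    array_walk_recursive($params, function (&$v) { $v = strip_tags($v); });
    $query = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    return $query === '' ? $path : $path . '?' . $query;
}

// Constructed input, using the URL shape quoted in the report.
$in = 'set_project.php?project_id=7&make_default=no&ref=bug_view_page.php%3Fbug_id%3D4230';
echo sanitize_broken($in), "\n";
echo sanitize_fixed($in), "\n";
```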
Tags: No tags attached.
Attached Files:

- Relationships
parent of 0007257 (closed, thraxisp): Port: Fix for 0006869 / 0007034 removes quoted "?" from arguments
has duplicate 0007055 (closed, vboctor): invalid redirect url returned from string_sanitize_url
has duplicate 0007116 (closed, vboctor): Redirection after editing of bugnote fails
has duplicate 0007141 (closed, vboctor): redirection after login goes wrong
has duplicate 0007160 (closed, vboctor): Error while after changing note
has duplicate 0007202 (closed, ryandesign): invalid URL when forwarded
has duplicate 0007215 (closed, ryandesign): "retrurn" parameter for login_page.php is wrong
has duplicate 0007153 (closed, ryandesign): Error message on editing notices
has duplicate 0007134 (closed, ryandesign): Application Error #203
has duplicate 0007240 (closed, ryandesign): return to issue (from login page) loses '?'
has duplicate 0007234 (closed, ryandesign): Mantis sends wrong links
has duplicate 0007237 (closed, ryandesign): editing notes causes error
has duplicate 0007161 (closed, vboctor): Issue link in mantis email gets corrupted once user log's in
related to 0007073 (closed, ryandesign): Display of Link in notification-mail fails after Login with User-ID and password
related to 0007276 (closed, grangeway): My suggestion for a corrected (and simplified) string_sanitize_url()
child of 0007052 (closed, vboctor): Mantis 1.0.4 Release

- Notes
Note 0012891
polzin (reporter)
2006-05-23 07:17
edited on: 2006-06-26 04:47

Additionally there is a problem in quoting "#" to "%23". This leads to the error message after deleting (see 0007078) and also after editing a bugnote (AFAIK, not reported yet).

(The error happens after being redirected from the "Operation successful." page. If you click on the link "[ Click here to proceed ]" there is no problem, but automatic redirection does not work properly).

Therefore, I would set the severity of this higher than "minor".

Note 0013065
thraxisp (manager)
2006-07-04 23:07

Fixed in CVS

core/string_api.php -> 1.75.4.2.2.1.2.1.2.2

- Issue History
Date Modified Username Field Change
2006-05-08 07:40 polzin New Issue
2006-05-08 07:48 vboctor Relationship added child of 0007052
2006-05-08 16:06 vboctor Relationship added has duplicate 0007055
2006-05-16 14:15 ryandesign Relationship added related to 0007073
2006-05-23 07:17 polzin Note Added: 0012891
2006-05-23 07:26 polzin Note Edited: 0012891
2006-05-24 17:22 vboctor Relationship added has duplicate 0007116
2006-05-28 10:29 vboctor Relationship added has duplicate 0007141
2006-06-18 14:34 ryandesign Severity minor => major
2006-06-18 17:15 ryandesign Relationship added related to 0007160
2006-06-22 13:23 ryandesign Relationship added has duplicate 0007202
2006-06-22 13:24 ryandesign Relationship added has duplicate 0007215
2006-06-23 21:24 chillax Relationship added related to 0007153
2006-06-23 21:26 chillax Relationship added related to 0007134
2006-06-26 04:47 polzin Note Edited: 0012891
2006-06-29 16:11 chillax Relationship added related to 0007240
2006-06-29 16:12 chillax Relationship added related to 0007234
2006-06-29 16:12 chillax Relationship added related to 0007237
2006-07-01 14:24 ryandesign Relationship replaced has duplicate 0007234
2006-07-01 14:25 ryandesign Relationship replaced has duplicate 0007153
2006-07-01 14:26 ryandesign Relationship replaced has duplicate 0007240
2006-07-01 14:27 ryandesign Relationship replaced has duplicate 0007237
2006-07-01 14:28 ryandesign Relationship replaced has duplicate 0007134
2006-07-04 23:05 thraxisp Issue cloned: 0007257
2006-07-04 23:05 thraxisp Relationship added parent of 0007257
2006-07-04 23:07 thraxisp Status new => resolved
2006-07-04 23:07 thraxisp Fixed in Version => 1.0.4
2006-07-04 23:07 thraxisp Resolution open => fixed
2006-07-04 23:07 thraxisp Assigned To => thraxisp
2006-07-04 23:07 thraxisp Note Added: 0013065
2006-07-13 12:37 ryandesign Relationship added related to 0007276
2006-08-06 03:46 vboctor Relationship replaced has duplicate 0007160
2006-09-29 01:51 vboctor Relationship added has duplicate 0007161
2007-05-08 03:43 vboctor Status resolved => closed