[jira] [Commented] (GUACAMOLE-1649) usernames containing \ or / trigger an error in webclient

Fri, 29 Jul 2022 06:34:08 -0700 


    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-1649?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17572985#comment-17572985
 ] 

Andries Broekema commented on GUACAMOLE-1649:
---------------------------------------------

Suggestion: looking at how the url is formed

for user guacadmin [https://.../guacamole/#/manage/postgresql/users/guacadmin] 
or

for user a/b 
[https://.../guacamole/#/manage/postgresql/users/a/b|https://.../guacamole/#/manage/postgresql/users/guacadmin]

And looking at de database schema, I guess that the url is formed by appending 
guacamole_entity.name to the url-path. In the same guacamole_entity table 
another field exists: guacamole_entity.entity_id. The entity_id is a number, so 
no problems with url's and special characters, no assumptions on usernames. But 
I'm totally not familiar with the guacamole sources, so this is either quite 
trivial and easy, or a complete nightmare to change.

If it is doable, the url should look like 
[https://.../guacamole/#/manage/postgresql/users/12345|https://.../guacamole/#/manage/postgresql/users/guacadmin]

> usernames containing \ or / trigger an error in webclient
> ---------------------------------------------------------
>
>                 Key: GUACAMOLE-1649
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1649
>             Project: Guacamole
>          Issue Type: Bug
>    Affects Versions: 1.4.0
>         Environment: firefox 102.x
> guacamole 1.4.0
> openjdk 11.0.15
> tomcat 9.0.62
> postgresql 12.11
> nginx 1.8.0
> (k)ubuntu 20.04 LTS
> openssl 1.1.1f
>            Reporter: Andries Broekema
>            Priority: Minor
>
> Using the webinterface for administration. Create a new user via [ Settings, 
> Users, New User ]; Enter e new username e.g.
>  * /
>  * \
>  * a/b
>  * a\b
> Guacamole shows an error message, but yet the account with this name has been 
> created. Click the new user name to edit its details. Result: guacamole 
> displays an error message, so the details page cannot be reached. So, the 
> account cannot be edited or deleted from guacamole. The account can only be 
> deleted using SQL to the database.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to