Bug#746432: ocsinventory-reports oversanitizes GET and POST data

2015-06-18 Thread Jean-Michel Vourgère
Control: tags -1 fixed-upstream

Fixed upstream in commit:bf4b99d01fc6bbeaeef9c1d8de37f263b3bdbaf5 and following ones. (Version 2.2Beta1)

This implies a database structure change and looks hard to backport.

Bug#746432: ocsinventory-reports oversanitizes GET and POST data

2015-06-10 Thread Jean-Michel Vourgère
Control: tags -1 security

I can confirm the issue: If you change the admin password to '1<2345678', you can log in with just '1'.

Bug#746432: ocsinventory-reports oversanitizes GET and POST data

2014-07-15 Thread Christian Seiler
I have also posted this bug upstream, together with a couple of other issues:

https://bugs.launchpad.net/ocsinventory-ocsreports/+bug/1342210 (currently still private)

Regards,
Christian

Bug#746432: ocsinventory-reports oversanitizes GET and POST data

2014-04-29 Thread Christian Seiler
Package: ocsinventory-reports
Version: 2.0.5-1.1
Severity: important

Dear Maintainer,

ocsinventory-reports oversanitizes GET and POST data. In require/header.php there are the following three lines 179-181:

    //SECURITY
    $protectedPost=strip_tags_array($_POST);
    $protectedGet=strip_tags_array($_GET)
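
The behaviour reported in this thread, reproduced as an added example that is not part of any message above and is not the project's code. The body of strip_tags_array() is an assumption (the page only names the function), the request arrays are constructed, and password_hash() stands in for whatever storage the application uses; the second half shows one way to avoid the problem, not the upstream fix.

```php
<?php
// Assumed body: the report names strip_tags_array() but does not show it.
function strip_tags_array($value)
{
    return is_array($value)
        ? array_map('strip_tags_array', $value)
        : strip_tags((string) $value);
}

// Constructed request data; the password is the one quoted in the thread.
$changeRequest = ['login' => 'admin', 'password' => '1<2345678'];
$loginRequest  = ['login' => 'admin', 'password' => '1'];

// Before: every POST field is passed through strip_tags(), so the
// secret is shortened before it is ever hashed or compared.
$protectedPost = strip_tags_array($changeRequest);
$storedHash    = password_hash($protectedPost['password'], PASSWORD_DEFAULT);

$attempt = strip_tags_array($loginRequest);
echo "sanitized password: ";
var_dump($protectedPost['password']);
echo "short password accepted (before): ";
var_dump(password_verify($attempt['password'], $storedHash));

// After: credentials are hashed and verified exactly as submitted.
$storedHash = password_hash($changeRequest['password'], PASSWORD_DEFAULT);
echo "short password accepted (after): ";
var_dump(password_verify($loginRequest['password'], $storedHash));
echo "full password accepted (after): ";
var_dump(password_verify($changeRequest['password'], $storedHash));

// Markup is neutralised at the point a value is written into HTML,
// which keeps the stored data intact. $comment is a constructed value.
$comment = 'disk usage <b>high</b> on host 1<2';
echo htmlspecialchars($comment, ENT_QUOTES, 'UTF-8'), "\n";
```

Run with the PHP command-line interpreter; comparing the "before" and "after" lines shows that the truncation comes from sanitizing input globally rather than escaping on output.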