ClearFoundation Tracker - ClearOS | ||||||||||
| View Issue Details | ||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | |||||
| 0000070 | ClearOS | clearos-framework | public | 2010-04-08 20:57 | 2010-07-20 12:42 | |||||
| Reporter | bchambers | |||||||||
| Assigned To | ||||||||||
| Priority | normal | Severity | minor | Reproducibility | always | |||||
| Status | closed | Resolution | fixed | |||||||
| Platform | OS | OS Version | ||||||||
| Product Version | 5.1 | |||||||||
| Target Version | 5.2 | Fixed in Version | 5.2 | |||||||
| Summary | 0000070: Selecting root or user password with < or > characters prevents webconfig login | |||||||||
| Description | < and > are valid characters for a password that can be used to select the root password during installation and (possibly, not verified) used when creating user accounts or resetting a password. /var/webconfig/gui/Webconfig.inc.php has a "WebCheckFormVariables" method which barfs "Invalid form variable" when it sees a < or >. This makes logging into webconfig impossible. | |||||||||
| Steps To Reproduce | ||||||||||
| Additional Information | To duplicate, set root password to something like: bob>123 using passwd utility. Then, try logging to webconfig as root. | |||||||||
| Tags | No tags attached. | |||||||||
| Relationships |
| |||||||||
| Attached Files | ||||||||||
| Issue History | ||||||||||
| Date Modified | Username | Field | Change | |||||||
| 2010-04-08 20:57 | bchambers | New Issue | ||||||||
| 2010-04-10 11:12 | user2 | Relationship added | related to 0000012 | |||||||
| 2010-04-10 11:12 | user2 | Severity | major => minor | |||||||
| 2010-04-10 11:12 | user2 | Status | new => confirmed | |||||||
| 2010-04-29 12:34 | user2 | Checkin | ||||||||
| 2010-04-29 12:34 | user2 | Note Added: 0000098 | ||||||||
| 2010-04-29 12:35 | user2 | Note Deleted: 0000098 | ||||||||
| 2010-06-09 11:49 | user2 | Checkin | ||||||||
| 2010-06-09 11:49 | user2 | Note Added: 0000174 | ||||||||
| 2010-06-09 11:49 | user2 | Status | confirmed => resolved | |||||||
| 2010-06-09 11:49 | user2 | Resolution | open => fixed | |||||||
| 2010-06-09 11:50 | user2 | Fixed in Version | => 5.2 | |||||||
| 2010-06-09 11:50 | user2 | Target Version | => 5.2 | |||||||
| 2010-07-20 12:42 | user2 | Status | resolved => closed | |||||||
| Notes | |||||
|
|
|||||
|
|
||||