You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On Sun, Sep 20, 2020 at 11:15 AM Azuk 443 ***@***.***> wrote:
*Environment*: Ubuntu 18.04 LTS with Docker
- CTFd Version/Commit: cfde6c9
<cfde6c9>
- Operating System: Linux (Ubuntu)
- Web Browser and Version: Microsoft Edge 85.0.564.51
*What happened?*
Usernames containing "$" will be rendered incorrectly in challenge "*
Solves" page(/challenges#CHALLENGE_NAME-CHALLENGE_ID).
For example, a user with username "$$$$" will be rendered as "$$".
*What did you expect to happen?*
"$$$$" -> "$$"
*How to reproduce your issue*
Install CTFd, create a user named "$$$$", create a challenge, submit the
flag using the user.
*Any associated stack traces or error logs*
In
https://github.com/CTFd/CTFd/blob/master/CTFd/themes/core/assets/js/utils.js#L47
, String.prototype.replace() will allow specifying a parameter by using a
specific pattern with prefix '$'.
Related document:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/replace
The function should replace "$" with "$$" in arguments before real
formatting happen.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#1662>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABITPJ4HOSS6EH645EPYM3SGYMB3ANCNFSM4RTV7VQQ>
.
Environment: Ubuntu 18.04 LTS with Docker
What happened?
Usernames containing "$" will be rendered incorrectly in challenge "* Solves" page(
/challenges#CHALLENGE_NAME-CHALLENGE_ID
).For example, a user with username "$$$$" will be rendered as "$$".
What did you expect to happen?
"$$$$" -> "$$"
How to reproduce your issue
Install CTFd, create a user named "$$$$", create a challenge, submit the flag using the user.
Any associated stack traces or error logs
In https://github.com/CTFd/CTFd/blob/master/CTFd/themes/core/assets/js/utils.js#L47 ,
String.prototype.replace()
will allow specifying a parameter by using a specific pattern with prefix '$'.Related document: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/replace
The function should replace "$" with "$$" in
arguments
before real formatting happen.The text was updated successfully, but these errors were encountered: