User full name field not sanitized #4130

Closed
tsener opened this issue Aug 19, 2014 · 6 comments

@tsener

tsener commented Aug 19, 2014

Steps to reproduce the issue

  1. With any user, go to profile page
  2. Click on edit profile and enter as a full name: <iframe src="http://yahoo.com"></iframe>
  3. Click on Submit button

Expected result

Old Full name should be retained; form should check for sanitized input

Actual result

For the rest of the session, full name of the user is blank. I could not detect a database update though.

System information (as much as possible)

RHEL 6.5x64
PHP 5.5.14 (cli) (built: Jun 27 2014 11:23:47)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies
with Zend OPcache v7.0.4-dev, Copyright (c) 1999-2014, by Zend Technologies
with Xdebug v2.2.5, Copyright (c) 2002-2014, by Derick Rethans
Joomla version:
Joomla 3.3.1 Stable

Additional comments

@brianteeman
Contributor

Two things

  1. Please update to the latest release of Joomla which is 3.3.3
  2. Is this in the back end or the front end as I could not replicate this issue

@infograf768
Member

I can't reproduce.
I always get:
Warning

Field required: Name:

@carmyman

I can't reproduce.
I always get:

Warning
Field required: Name:

You may blame the J!Tracker Application at http://issues.joomla.org/ for transmitting this comment.

@brianteeman
Contributor

Before closing this as unable to confirm, can you please state if you were using one of the default Joomla templates or a custom template? It could be an issue with a template override?

This comment was created with the J!Tracker Application at http://issues.joomla.org/.

@tsener
Author

tsener commented Aug 22, 2014

Hello,
It is a t-3 template, not a default one, and observed in the frontend UI. We have a custom plugin developed over 3.3.1, so 3.3.3 upgrade is not an option for the moment. It seems to be an issue with the template, though.

@tsener tsener closed this as completed Aug 22, 2014
@brianteeman
Contributor

I would report this to t3 urgently then

On 22 August 2014 12:50, tsener notifications@github.com wrote:

Hello,
It is a t-3 template, not a default one, and observed in the frontend UI.
We have a custom plugin developed over 3.3.1, so 3.3.3 upgrade is not an
option for the moment. It seems to be an issue with the template, though.



Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
http://brian.teeman.net/
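
The handling the reporter expected (reject the unsanitized name, keep the old one) and the "Field required: Name" warning other participants saw, sketched as an added example that is not part of the original thread and is not Joomla or T3 code. The helper names `validateFullName()` and `renderFullName()` and the stored name are assumptions made for illustration.

```php
<?php
// Added illustration only: not Joomla core or T3 template code.
// validateFullName() and renderFullName() are hypothetical helper names.

/**
 * Decide which full name to keep after a profile edit.
 * Returns array(nameToKeep, warningOrNull).
 */
function validateFullName($submitted, $stored)
{
    // Remove markup and control characters, then surrounding whitespace.
    $clean = preg_replace('/[\x00-\x1F\x7F]/u', '', strip_tags($submitted));
    if ($clean === null) {
        // preg_replace() returns null on malformed UTF-8 with the /u flag.
        return array($stored, 'Name is not valid UTF-8');
    }
    $clean = trim($clean);

    // A value that was nothing but markup collapses to '' and fails the
    // required-field check; the stored name stays in place.
    if ($clean === '') {
        return array($stored, 'Field required: Name');
    }
    // Reject instead of silently saving a rewritten value.
    if ($clean !== trim($submitted)) {
        return array($stored, 'Name contains markup or control characters');
    }
    return array($clean, null);
}

/** Escape at output time, whatever validation did earlier. */
function renderFullName($name)
{
    return htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: the value from the report plus two others.
$stored = 'Jane Example';
$inputs = array(
    '<iframe src="http://yahoo.com"></iframe>',
    'Jane <b>Q.</b> Example',
    "Jane O'Neil",
);
foreach ($inputs as $input) {
    list($name, $warning) = validateFullName($input, $stored);
    echo renderFullName($name), $warning ? "  [warning: $warning]" : '', "\n";
}
```

Whatever value is shown for the rest of the session should come from the first element of the returned pair, not from the raw submitted form data, and a template override that prints the name still needs the output escaping step.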
