Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

JSON responses do not consistently set content-type to application/json #3944

Closed
navotera opened this issue Jul 20, 2018 · 2 comments

Comments

@navotera
Copy link

commented Jul 20, 2018

seems like there is vuln as explained in this url :

https://www.indoxploit.or.id/home/article/1

thanks

[Edit by @asmecher: See #3944 (comment) for patch instructions.]

@navotera navotera changed the title [OJS] [OJS] vulnerability report on domain/journal/index.php/index/user/getInterests Jul 20, 2018

@asmecher asmecher changed the title [OJS] vulnerability report on domain/journal/index.php/index/user/getInterests JSON responses do not consistently set content-type to application/json Jul 24, 2018

@asmecher asmecher self-assigned this Jul 24, 2018

@asmecher asmecher added this to the OJS/OMP 3.1.1-4 milestone Jul 24, 2018

@asmecher asmecher added the Bug label Jul 24, 2018

@asmecher

This comment has been minimized.

Copy link
Member

commented Jul 24, 2018

Hmm, too bad this wasn't reported to us. To resolve it, apply the following in the lib/pkp subdirectory:

@asmecher asmecher closed this Jul 24, 2018

@asmecher

This comment has been minimized.

Copy link
Member

commented Jul 24, 2018

Thanks for reporting, @navotera!

asmecher added a commit to pkp/ojs that referenced this issue Jul 24, 2018
asmecher added a commit to pkp/ojs that referenced this issue Jul 24, 2018
asmecher added a commit that referenced this issue Jul 24, 2018
asmecher added a commit to pkp/ojs that referenced this issue Jul 24, 2018
asmecher added a commit to pkp/staticPages that referenced this issue Jul 24, 2018
asmecher added a commit to pkp/customBlockManager that referenced this issue Jul 24, 2018
asmecher added a commit to pkp/staticPages that referenced this issue Aug 22, 2018
asmecher added a commit to pkp/customBlockManager that referenced this issue Sep 6, 2018
asmecher added a commit to pkp/staticPages that referenced this issue Sep 6, 2018
asmecher added a commit to pkp/customBlockManager that referenced this issue Sep 6, 2018
asmecher added a commit to pkp/staticPages that referenced this issue Sep 7, 2018
asmecher added a commit to pkp/staticPages that referenced this issue Sep 10, 2018
asmecher added a commit to pkp/staticPages that referenced this issue Sep 10, 2018
asmecher added a commit to pkp/customBlockManager that referenced this issue Sep 10, 2018
asmecher added a commit to pkp/customBlockManager that referenced this issue Sep 10, 2018
jmvezic added a commit to jmvezic/morepress that referenced this issue Oct 1, 2018
ambs added a commit to ambs/pkp-lib that referenced this issue Oct 16, 2018
ambs added a commit to ambs/pkp-lib that referenced this issue Oct 16, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.