WebGUI - Scratch variables for sort direction and key can break the CS - Content Management System | CMS | Open Source Content Management | Web Application Framework

Username Password

Home Features Download Partners Community Blog

Community Support
WebGUI User Guides
Wiki
Forums
Report A Bug
Request Features
WebGUI 8
WebGUI TV
Add-ons and Plug-ins
Service Providers
webGUI in the news
Karma
API Docs
the people behind wg
webgui worldwide
Mascot
wallpapers
powered by icons
Sightings

View All Tickets

Scratch variables for sort direction and key can break the CS (#11510)

Issue

If form variables for sort direction and key are passed to the CS, they are set as scratch variables. Scratch variables never die, and the CS never clears them out itself.

Someone in the world has a sort scratch variable set for dateSubmitted, and they are accessing the CMSMatrix and are not allowed to access the forums any longer.

Solution Summary

Comments

perlDreamer

4/5/2010 12:40 pm

Added a whitelist of allowed sort fields, userDefined1-5, title, lineage, revisionDate, creationDate, karmaRank and threadRank.

Fixed in 7.9.2 (6990f52)
Fixed in 7.8.16 (776f0c4)

Details

Ticket Status	Resolved
Rating
Submitted By	perlDreamer
Date Submitted	2010-03-31
Assigned To	unassigned
Date Assigned	2012-02-04
Assigned By
Severity	Critical (mostly not working)
What's the bug in?	WebGUI Stable
WebGUI / WRE Version	7.x
URL	use/bugs/tracker/11510

Keywords

Collaboration System scratch variables woeful badness

Ticket History

4/5/2010 12:40 PM	Resolved	perlDreamer
3/31/2010 7:31 PM	Ticket created	perlDreamer