Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#4130] - User full name field not sanitized

?
avatar tsener
tsener
19 Aug 2014

Steps to reproduce the issue

  1. With any user, go to profile page
  2. Click on edit profile and enter as a full name: <iframe src="http://yahoo.com"></iframe>
  3. Click on Submit button

Expected result

Old Full name should be retained; form should check for sanitized input

Actual result

For the rest of the session, full name of the user is blank. I could not detect a database update though.

System information (as much as possible)

RHEL 6.5x64
PHP 5.5.14 (cli) (built: Jun 27 2014 11:23:47)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies
with Zend OPcache v7.0.4-dev, Copyright (c) 1999-2014, by Zend Technologies
with Xdebug v2.2.5, Copyright (c) 2002-2014, by Derick Rethans
Joomla version:
Joomla 3.3.1 Stable

Additional comments

Votes

# of Users Experiencing Issue
0/1
Average Importance Score
3.00
avatar tsener tsener - open - 19 Aug 2014
avatar tsener tsener - change - 19 Aug 2014
The description was changed
avatar brianteeman
brianteeman - comment - 19 Aug 2014

Two things
1. Please update to the latest release of Joomla which is 3.3.3
2. Is this in the back end or the front end as I could not replicate this issue

avatar infograf768
infograf768 - comment - 19 Aug 2014

I can't reproduce.
I always get:
Warning

Field required: Name:

avatar carmyman
carmyman - comment - 20 Aug 2014

I can't reproduce.
I always get:

Warning
Field required: Name:

You may blame the J!Tracker Application at http://issues.joomla.org/ for transmitting this comment.

avatar brianteeman
brianteeman - comment - 21 Aug 2014

Before closing this as unable to confirm can you please state if you were using one of the default joomla templates or a custom template. It could be an issue with a template override?

This comment was created with the J!Tracker Application at http://issues.joomla.org/.

avatar tsener
tsener - comment - 22 Aug 2014

Hello,
It is a t-3 template, not a default one, and observed in the frontend UI. We have a custom plugin developed over 3.3.1, so 3.3.3 upgrade is not an option for the moment. It seems to be an issue with the template, though.

avatar tsener tsener - change - 22 Aug 2014
Status New Closed
Closed_Date 0000-00-00 00:00:00 2014-08-22 11:50:08
avatar tsener tsener - close - 22 Aug 2014
avatar tsener tsener - close - 22 Aug 2014
avatar zero-24 zero-24 - close - 22 Aug 2014
avatar brianteeman
brianteeman - comment - 22 Aug 2014

I would report this to t3 urgently then

On 22 August 2014 12:50, tsener notifications@github.com wrote:

Hello,
It is a t-3 template, not a default one, and observed in the frontend UI.
We have a custom plugin developed over 3.3.1, so 3.3.3 upgrade is not an
option for the moment. It seems to be an issue with the template, though.


Reply to this email directly or view it on GitHub
#4130 (comment).

Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
http://brian.teeman.net/

avatar zero-24 zero-24 - change - 7 Jul 2015
Labels Added: ?

Add a Comment

Login with GitHub to post a comment