Anonymous | Login | Signup for a new account | 2024-03-28 11:19 CDT |
Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
Relationship Graph | [ View Issue ] [ Dependency Graph ] | |||
|
||||
|
Viewing Issue Simple Details | |||||
ID | Category | Type | Reproducibility | Date Submitted | Last Update |
0001417 | [In-Portal CMS] Database | bug report | always | 2012-10-20 06:44 | 2012-11-07 10:27 |
Reporter | alex | View Status | public | ||
Assigned To | alex | ||||
Priority | normal | Resolution | fixed | ||
Status | resolved | ||||
Summary | 0001417: Data not escaped in "Query Database" section | ||||
Description |
n-Portal "Tools -> Query Database" section where administrator can perform simple database queries and see result right away. I've noticed that this text from database "test_& amp;_test" (space between "&" and "amp;" add because Mantis breaks it otherwise) is displayed as "test_&_test" on that page. This means, that data isn't escaped before being displayed on a page. |
||||
Additional Information |
Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
Web Development by Intechnic In-Portal Open Source CMS |