In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!

View Revisions: Issue #1417 All Revisions ] Back to Issue ]
Summary 0001417: Data not escaped in "Query Database" section
Revision 2012-11-07 09:39:55 by alex
Description n-Portal "Tools -> Query Database" section where administrator can perform simple database queries and see result right away.

I've noticed that this text from database "test_& amp;_test" (space between "&" and "amp;" add because Mantis breaks it otherwise) is displayed as "test_&_test" on that page. This means, that data isn't escaped before being displayed on a page.
Revision 2012-11-07 07:30:13 by alex
Description n-Portal "Tools -> Query Database" section where administrator can perform simple database queries and see result right away.

I've noticed that this text from database "test_&_test" is displayed as "test_&_test" on that page. This means, that data isn't escaped before being displayed on a page.



Web Development by Intechnic
In-Portal Open Source CMS
In-Portal Open Source CMS
Copyright © 2000 - 2009 MantisBT Group

Powered by Mantis Bugtracker