View Revisions: Issue #1417 |
Summary |
0001417: Data not escaped in "Query Database" section |
|
Revision |
2012-11-07 09:39:55 by alex |
|
Description |
In-Portal has a "Tools -> Query Database" section where an administrator can perform simple database queries and see the result right away.
I've noticed that this text from the database "test_& amp;_test" (space between "&" and "amp;" added because Mantis breaks it otherwise) is displayed as "test_&_test" on that page. This means that the data isn't escaped before being displayed on the page. |
|
Revision |
2012-11-07 07:30:13 by alex |
|
Description |
In-Portal has a "Tools -> Query Database" section where an administrator can perform simple database queries and see the result right away.
I've noticed that this text from the database "test_&_test" is displayed as "test_&_test" on that page. This means that the data isn't escaped before being displayed on the page. |
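
The behaviour the report describes goes away when every value is HTML-encoded at the moment it is written into the result grid. The following is an added example, not In-Portal code and not part of the original issue: PHP is assumed as the application's language, the function names `encode_cell` and `render_result_table` are hypothetical, and the rows are constructed around the value quoted in the report.

```php
<?php
// Added example: hypothetical renderer for a query-result grid (not In-Portal code).

// Encode one database value for an HTML text context.
function encode_cell($value): string
{
    if ($value === null) {
        return '<em>NULL</em>'; // fixed markup, not user data
    }
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 instead of returning an empty string.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render rows (list of associative arrays) as a table; headers are encoded too.
function render_result_table(array $rows): string
{
    if ($rows === []) {
        return "<p>No rows.</p>\n";
    }
    $html = "<table>\n<tr>";
    foreach (array_keys($rows[0]) as $column) {
        $html .= '<th>' . encode_cell($column) . '</th>';
    }
    $html .= "</tr>\n";
    foreach ($rows as $row) {
        $html .= '<tr>';
        foreach ($row as $value) {
            $html .= '<td>' . encode_cell($value) . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html . "</table>\n";
}

// Constructed sample rows; the first value is the one quoted in the report.
$rows = [
    ['id' => 1, 'name' => 'test_&amp;_test'],
    ['id' => 2, 'name' => '<b>bold</b>'],
    ['id' => 3, 'name' => null],
];
echo render_result_table($rows);

// Round-trip check: what a browser decodes must equal what the database stores.
foreach ($rows as $row) {
    if ($row['name'] === null) { continue; }
    $shown = html_entity_decode(encode_cell($row['name']), ENT_QUOTES, 'UTF-8');
    if ($shown !== $row['name']) { throw new RuntimeException('display differs from stored value'); }
}
```

With encoding applied, the stored text "test_&amp;amp;_test" is emitted as "test_&amp;amp;amp;_test" and the browser shows the stored characters unchanged, so the same round-trip check can serve as a regression test for this page.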