#1 2021-06-28 14:12:59

vinc17
Member
Registered: 2009-09-04
Posts: 3

[9.5.0] character ">" in URL title is not handled correctly

When I create a ticket and enter a URL with a title containing the character ">", this is handled correctly at the ticket edit time, but not after the creation of the ticket, where this character seems to be regarded as the end of the "<a>" tag.

For instance, if I enter "mot1 > mot2" as the URL title, the generated HTML is of the form: <a> mot2" href="http://localhost/"&gt;link text</a>
and the generated mail has text: mot2" href="http://localhost/"&gt;link text

There might be some security issue if this makes it possible to inject HTML/JavaScript code.

Note: The web site where GLPI is installed says at the bottom of the ticket page:
GLPI Copyright (C) 2015-2020 Teclib' and contributors
FusionInventory 9.5.0+1.0 - Copyleft © 2010-2019 by FusionInventory Team
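
A minimal reproduction of the symptom reported above, as an added example that is not part of the original post and is not GLPI code. `naive_filter` is a hypothetical regex-based tag filter that ends a tag at the first ">"; `build_link` and `visible_text` are likewise illustrative names. With the title left unescaped it yields exactly the HTML quoted in the post, while escaping the attribute value keeps the title out of the rendered text.

```python
import html
import re
from html.parser import HTMLParser

# Hypothetical model of a regex-based tag filter (an assumption, not GLPI code):
# it treats everything from "<" to the first ">" as one tag, drops the tag's
# attributes, and HTML-escapes any ">" left over in the text between tags.
NAIVE_TAG = re.compile(r"<(/?)(\w+)[^>]*>")


def naive_filter(markup: str) -> str:
    out, pos = [], 0
    for m in NAIVE_TAG.finditer(markup):
        out.append(markup[pos:m.start()].replace(">", "&gt;"))
        out.append(f"<{m.group(1)}{m.group(2)}>")
        pos = m.end()
    out.append(markup[pos:].replace(">", "&gt;"))
    return "".join(out)


def build_link(title: str, href: str, text: str, escape: bool = True) -> str:
    """Build the anchor; with escape=True every value is HTML-escaped first."""
    enc = (lambda s: html.escape(s, quote=True)) if escape else (lambda s: s)
    return f'<a title="{enc(title)}" href="{enc(href)}">{enc(text)}</a>'


class _TextCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.chunks = []

    def handle_data(self, data):
        self.chunks.append(data)


def visible_text(markup: str) -> str:
    """Text a reader would see, used as a regression check for leaked attributes."""
    parser = _TextCollector()
    parser.feed(markup)
    parser.close()
    return "".join(parser.chunks)


if __name__ == "__main__":
    # Constructed input taken from the post: title "mot1 > mot2".
    for escape in (False, True):
        result = naive_filter(build_link("mot1 > mot2", "http://localhost/", "link text", escape))
        print(escape, repr(result), repr(visible_text(result)))
```
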
