[interchange-bugs] [rt.icdevgroup.org #306] [Comment] XSS Exploit in demo -- UserDB.pm
Gert van der Spoel via RT
interchange-comment at rt.icdevgroup.org
Sun Feb 27 20:04:09 UTC 2011
This is a comment. It is not sent to the Requestor(s):
The applied patch seems to have a difference, or was changed at a later stage, to:
die errmsg("Username contains illegal characters.\n")
notice the \n in the errmsg ... This does not go well with the locale file where you have 1 item per line, new lines are not working too good ...
Suggest to change it to:
die errmsg("Username contains illegal characters.") . "\n"
More information about the interchange-bugs