Thread: security issue/bug

  1. #1
    gobezu is offline Sugar Community Member
    Join Date
    Feb 2007
    Posts
    11

    Default security issue/bug

    Being new to this community, I have no idea where to post bugs,
    but I found out the following while trying to install the Who's Online module.

    After uploading the module I could not get anywhere due to the unescaped quote, which rendered a JS error.
    I guess this should have properly been escaped in PackageManagerDisplay::createJavascriptModuleArray
    using for instance htmlspecialchars($module['name'], ENT_QUOTES)

    cheers
    /gobezu

  2. #2
    kbrill's Avatar
    kbrill is offline SugarCRM PS Engineer
    Join Date
    Jul 2004
    Location
    St Louis, MO
    Posts
    3,183

    Default Re: security issue/bug

    Quote Originally Posted by gobezu
    Being new to this community, I have no idea where to post bugs,
    but I found out the following while trying to install the Who's Online module.

    After uploading the module I could not get anywhere due to the unescaped quote, which rendered a JS error.
    I guess this should have properly been escaped in PackageManagerDisplay::createJavascriptModuleArray
    using for instance htmlspecialchars($module['name'], ENT_QUOTES)

    cheers
    /gobezu
    Where did you download the Who's Online module? I wrote the 4.5.1 and it doesn't use any JavaScript.
    Kenneth Brill - Help Forum Moderator

    I do not respond to 'Private Messages'. Please email me directly instead

    When asking for help, PLEASE give us your Server Information and Version Numbers as asked for on the 'Post New Message' screen as well as any JavaScript errors shown at the bottom of the browser window.
    Help us Help You

  3. #3
    gobezu is offline Sugar Community Member
    Join Date
    Feb 2007
    Posts
    11

    Default Re: security issue/bug

    Thanks for a cool module.
    The issue is not so much related to the module itself as to the PackageManagerDisplay, and the JS error shows right after uploading the module.
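
Added example (not part of the thread and not SugarCRM's own code): the failure described in the first post, reproduced with a module name containing an apostrophe, next to the htmlspecialchars() call suggested there and a JavaScript-context encoder. The function names, the `mods` variable and the array layout are assumptions made for illustration; the sample data is constructed.

```php
<?php
// Hypothetical helpers; they only imitate a server-side routine that
// writes module metadata into an inline <script> block.
// Constructed sample data: a module name containing an apostrophe.
$modules = [
    ['name' => "Who's Online", 'version' => '4.5.1'],
];

// Unescaped: the name is pasted into a single-quoted JS string, so the
// apostrophe ends the literal early and the script fails to parse.
function jsArrayUnescaped(array $modules): string
{
    $rows = [];
    foreach ($modules as $m) {
        $rows[] = "['" . $m['name'] . "', '" . $m['version'] . "']";
    }
    return 'var mods = [' . implode(', ', $rows) . '];';
}

// The call suggested in the thread. The quote becomes an HTML entity, so
// the script parses, but inside <script> the entity is not decoded, and
// backslashes and newlines in a name are still passed through as-is.
function jsArrayHtmlEscaped(array $modules): string
{
    $rows = [];
    foreach ($modules as $m) {
        $rows[] = "['" . htmlspecialchars($m['name'], ENT_QUOTES) . "', '"
                . htmlspecialchars($m['version'], ENT_QUOTES) . "']";
    }
    return 'var mods = [' . implode(', ', $rows) . '];';
}

// JS-context encoding: json_encode() emits a valid JS literal, and the
// JSON_HEX_* flags turn quotes, <, > and & into \uXXXX escapes so the
// value cannot close the string or the surrounding <script> element.
function jsArrayJsonEncoded(array $modules): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
    $rows = [];
    foreach ($modules as $m) {
        $rows[] = [$m['name'], $m['version']];
    }
    return 'var mods = ' . json_encode($rows, $flags | JSON_THROW_ON_ERROR) . ';';
}

echo jsArrayUnescaped($modules), "\n";
echo jsArrayHtmlEscaped($modules), "\n";
echo jsArrayJsonEncoded($modules), "\n";
```

JSON_THROW_ON_ERROR needs PHP 7.3 or later; on older versions drop the flag and check json_encode() for a false return.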
