couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sam Bisbee (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COUCHDB-1275) Futon's recent database list doesn't decode slashes in database names
Date Wed, 22 Feb 2012 18:15:49 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-1275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13213814#comment-13213814
] 

Sam Bisbee commented on COUCHDB-1275:
-------------------------------------

Ah! Gotcha. :) Yeah, that crossed over into CSRF territory for me.
                
> Futon's recent database list doesn't decode slashes in database names
> ---------------------------------------------------------------------
>
>                 Key: COUCHDB-1275
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1275
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Futon
>    Affects Versions: 1.1
>            Reporter: Jan Lehnardt
>            Priority: Minor
>
> Create a database with a slash in it, futon will go to the database view automatically
and add it to the recent databases list. the list will display the encoded %2f instead of
the /
> Here's a quick fix: http://friendpaste.com/1WORPAfSY5MUyoisaAQtZB
> I tested it for XSS but I may have overlooked something and I'd appreciate a review.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message