XSS/JS filter hitting when saving a custom Smart template file

Tracker item actions

List all trackers List items

Status

Pending

Subject

XSS/JS filter hitting when saving a custom Smart template file

Version

2.x

Category

Error

Feature

Templates (Smarty)

Resolution status

New

Submitted by

Carsten Schmitz

Lastmod by

Carsten Schmitz

Rating

(0)

Description

When saving a Smarty template for a specific theme using the TikiWiki admin GUI then all kinds of fake tags </x> are inserted in javascript.
It seems that the XSS filter is hitting here. It should not since it is a super-admin function and should not be XSS-filtered, of course.

I tried to edit tiki-editpage.tpl when this occured.

Importance

Priority

Demonstrate Bug on Tiki 19+

NONE

This bug has been demonstrated on show2.tiki.org

Please demonstrate your bug on show2.tiki.org

Show.tiki.org snapshot creation is in progress

Show.tiki.org snapshot creation is in progress... Please monitor http:///snapshots/ for progress. Note that if you get a popup asking for a username/password, please just enter "show" and "show".

Password reset

Password reset was successful

Password reset

Password reset failed

Show.tiki.org instance destruction in progress

Show.tiki.org instance destruction is in progress... Please wait...

Show.tiki.org is not configured properly

The public/private keys configured to connect to show2.tiki.org were not accepted. Please make sure you are using RSA keys. Thanks.

Show.tiki.org is currently unavailable

Unable to connect to show2.tiki.org. Please let us know of the problem so that we can do something about it. Thanks.

Show.tiki.org is under maintenance

Show.tiki.org is currently under maintenance. Sorry for the inconvenience.

Unable to get information from show2.tiki.org

Unable to get information from show2.tiki.org. Please let us know of the problem so that we can do something about it. Thanks.

Instance is being created

Show.tiki.org is in the progress of creating the new instance. Please continue waiting for a minute or two. If this continues on for more than 10 minutes, please let us know of the problem so that we can do something about it. Thanks.

About show2.tiki.org

To help developers solve the bug, we kindly request that you demonstrate your bug on a show2.tiki.org instance. To start, simply select a version and click on "Create show2.tiki.org instance". Once the instance is ready (in a minute or two), as indicated in the status window below, you can then access that instance, login (the initial admin username/password is "admin") and configure the Tiki to demonstrate your bug. Priority will be given to bugs that have been demonstrated on show2.tiki.org.

Version: Create show2.tiki.org instance

Accessing the Tiki instance that demonstrates this bug

The URL for the show2.tiki.org instance that demonstrates this bug is at: http://. Note that if you get a popup asking for a username/password, please just enter "show" and "show". This is different from the initial login and password for a new Tiki which is "admin" and "admin".

For the install log, see http:///info.txt

Note that if you see PHP errors or a Tiki claiming to be missing third party software, the instance creation is probably not finished. Please wait a couple minutes and reload.

Snapshots

Snapshots are database dumps of the configuration that developers can download for debugging. Once you have reproduced your bug on the show2.tiki.org instance, create a snapshot that can then be downloaded by developers for further investigation.

Snapshots can be accessed at: http:///snapshots/. Note that if you get a popup asking for a username/password, please just enter "show" and "show".

Create new snapshot

Update the clone Access the clone

Demonstrate Bug (older Tiki versions)

DISCO

This bug has been demonstrated on show.tikiwiki.org

Please demonstrate your bug on show.tikiwiki.org

Show.tiki.org snapshot creation is in progress

Show.tiki.org snapshot creation is in progress... Please monitor http:// for progress. Note that if you get a popup asking for a username/password, please just enter "show" and "show".

Password reset

Password reset was successful

Password reset

Password reset failed

Show.tiki.org instance destruction in progress

Show.tiki.org instance destruction is in progress... Please wait...

Show.tiki.org is not configured properly

The public/private keys configured to connect to show.tikiwiki.org were not accepted. Please make sure you are using RSA keys. Thanks.

Show.tiki.org is currently unavailable

Unable to connect to show.tikiwiki.org. Please let us know of the problem so that we can do something about it. Thanks.

Show.tiki.org is under maintenance

Show.tiki.org is currently under maintenance. Sorry for the inconvenience.

Unable to get information from show.tikiwiki.org

Unable to get information from show.tikiwiki.org. Please let us know of the problem so that we can do something about it. Thanks.

Instance is being created

About show.tikiwiki.org

To help developers solve the bug, we kindly request that you demonstrate your bug on a show.tikiwiki.org instance. To start, simply select a version and click on "Create show.tikiwiki.org instance". Once the instance is ready (in a minute or two), as indicated in the status window below, you can then access that instance, login (the initial admin username/password is "admin") and configure the Tiki to demonstrate your bug. Priority will be given to bugs that have been demonstrated on show.tikiwiki.org.

Version: Create show.tikiwiki.org instance

Accessing the Tiki instance that demonstrates this bug

The URL for the show.tikiwiki.org instance that demonstrates this bug is at: http://. Note that if you get a popup asking for a username/password, please just enter "show" and "show". This is different from the initial login and password for a new Tiki which is "admin" and "admin".

For the install log, see http://

Note that if you see PHP errors or a Tiki claiming to be missing third party software, the instance creation is probably not finished. Please wait a couple minutes and reload.

Snapshots

Snapshots are database dumps of the configuration that developers can download for debugging. Once you have reproduced your bug on the show.tikiwiki.org instance, create a snapshot that can then be downloaded by developers for further investigation.

Snapshots can be accessed at: http://. Note that if you get a popup asking for a username/password, please just enter "show" and "show".

Create new snapshot

Update the clone Access the clone

Ticket ID

1992

Created

Thursday 28 August, 2008 09:23:56 UTC
by Unknown

LastModif

Thursday 28 August, 2008 09:23:56 UTC

Tiki Roundtable Meeting - April

XSS/JS filter hitting when saving a custom Smart template file

This bug has been demonstrated on show2.tiki.org

Please demonstrate your bug on show2.tiki.org

This bug has been demonstrated on show.tikiwiki.org

Please demonstrate your bug on show.tikiwiki.org

About Tiki

Community

Documentation

Support

Development

Legal

Tiki Project Sites

Networks

Navigation and related functionality and content

Related content

Tiki Roundtable Meeting - April

XSS/JS filter hitting when saving a custom Smart template file

This bug has been demonstrated on show2.tiki.org

Please demonstrate your bug on show2.tiki.org

This bug has been demonstrated on show.tikiwiki.org

Please demonstrate your bug on show.tikiwiki.org

Pagebottom heading