Opened 15 years ago
Closed 15 years ago
#1057 closed defect (fixed)
One error happened when setting Space as Log Delimiter.
| Reported by: | christinebao | Owned by: | Steve Dang |
|---|---|---|---|
| Priority: | medium | Milestone: | 2.2 |
| Component: | General | Version: | 2.0.2 |
| Severity: | major | Keywords: | |
| Cc: | External ID: | 1242050 |
Description (last modified by )
Steps to reproduce:
- Log in Site Administrator
- Configure Logs->Set Space as Log Delimiter->Save
One error happened:
Invalid argument(s):[1] =""The string was trimmed and it's size now differs from the original.
Diagnosis:
This defect is caused by a submission on Oct 14, 2006 about Configuration.cpp, Revision r883: MG408 (Security: Web Admin vulnerable to cross-site scripting attacks). It added a check when validate configuration and space is not allowed.
Fix:
It's unnecessary to filter space.
Attachments (2)
Change History (7)
by , 15 years ago
| Attachment: | RemoveSpaceCheck.patch added |
|---|
comment:1 by , 15 years ago
comment:2 by , 15 years ago
| Description: | modified (diff) |
|---|
Update summary by putting a r in front of the 883 so that clicking on it takes us to the revision.
follow-up: 4 comment:3 by , 15 years ago
Hi Christine,
I would simply remove the CheckSpacesAtBeginEnd() call from the code instead of commenting it out.
Did you also validate all calls to CheckReservedCharacters() to ensure that removing the space check would have no side effects?
by , 15 years ago
| Attachment: | RemoveSpaceCheck(II).patch added |
|---|
comment:4 by , 15 years ago
Thank you Trevor.
I checked all calls to CheckReservedCharacters(), there are:
void MgResourceIdentifier::CheckRepositoryName()
{
...
MgUtil::CheckSpacesAtBeginEnd(m_repositoryName);
MgUtil::CheckReservedCharacters(m_repositoryName, MgReservedCharacterSet::Name);
...
}
void MgResourceIdentifier::CheckPath()
{
...
MgUtil::CheckSpacesAtBeginEnd(m_path);
MgUtil::CheckReservedCharacters(m_path, MgReservedCharacterSet::Path);
MgUtil::CheckReservedCharacters(m_path, L"", false);
MgUtil::CheckReservedCharacters(m_path, L" /", false);
MgUtil::CheckReservedCharacters(m_path, L"/ ", false);
MgUtil::CheckSlashAtBeginEnd(m_path);
...
}
void MgResourceIdentifier::CheckName()
{
...
MgUtil::CheckSpacesAtBeginEnd(m_name);
MgUtil::CheckReservedCharacters(m_name, MgReservedCharacterSet::Name);
...
}
void MgResourceIdentifier::CheckType(CREFSTRING repositoryType,
CREFSTRING resourceType)
{
...
MgUtil::CheckSpacesAtBeginEnd(resourceType);
MgUtil::CheckReservedCharacters(resourceType, MgReservedCharacterSet::Name);
...
}
Interesting, they all have MgUtil::CheckSpacesAtBeginEnd() before MgUtil::CheckReservedCharacters().
- Configuration.cpp
void MgConfiguration::ValidateValue(CREFSTRING section, CREFSTRING property,
CREFSTRING value)
{
...
MgUtil::CheckReservedCharacters(value, sm_reservedCharacters);
MgUtil::CheckReservedCharacters(property, sm_reservedCharacters);
MgUtil::CheckReservedCharacters(section, sm_reservedCharacters);
...
}
To minimize the change, I prefer to add MgUtil::CheckSpacesAtBeginEnd() for property
and section.
Please see the new attached patch http://trac.osgeo.org/mapguide/attachment/ticket/1057/RemoveSpaceCheck%28II%29.patch.
It's appreciated if someone could submit it :)
Replying to trevorwekel:
Hi Christine,
I would simply remove the CheckSpacesAtBeginEnd() call from the code instead of commenting it out.
Did you also validate all calls to CheckReservedCharacters() to ensure that removing the space check would have no side effects?
comment:5 by , 15 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
The patch is submitted by Leaf. Thanks.
Attach patch for fixing.