View Issue Details

ID: 0000146
Project: Main CAcert Website
Category: source code
View Status: public
Last Update: 2013-01-13 17:00
Reporter: aanriot
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Fixed in Version: 2006
Summary: 0000146: Unparsed variable written to session variable
Description: In disputes.php?oldid=2 in line 336 the unparsed variable $memid is stored in the session:

     $_SESSION['_config']['memid'] = $memid;

Currently there is no problem but this may lead to security issues in the future.

1. Currently disputes.php line 407 parses the variable before use.

2. Normal users don't have access to includes/account.php?oldid=34 where this variable is used unparsed: mysql_query("delete from `org` where `memid`='".$_SESSION['_config']['memid']."'");

Tags: No tags attached.
Reviewed by
Test Instructions

Relationships

related to 0000164 closed org eat org 
related to 0000129 closed org admin removal problem 

Activities

duane

2006-08-16 13:46

developer   ~0000524

2 part solution, added extra variable handling to dispute.php and other parts of this report were fixed/listed in bug 0000164
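
The pattern reported in this issue, next to one way to close it at both ends, as an added example that is not CAcert's code and not the fix that was applied. It assumes an in-memory SQLite database through PDO in place of the MySQL `org` table; the helper names, the sample rows and the request value are constructed for illustration.

```php
<?php
// Added example. In-memory SQLite (PDO) stands in for the MySQL `org` table;
// rows, helper names and the request value are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE org (orgid INTEGER, memid INTEGER)');

function seed(PDO $db): void {
    $db->exec('DELETE FROM org');
    $db->exec('INSERT INTO org VALUES (1, 10), (1, 11), (2, 12)');
}
function rowsLeft(PDO $db): int {
    return (int) $db->query('SELECT COUNT(*) FROM org')->fetchColumn();
}

// Pattern from the report: the request value is stored as received ...
function storeUnparsed(array &$session, $memid): void {
    $session['_config']['memid'] = $memid;
}
// ... and a later page concatenates the session value into the query.
function deleteConcatenated(PDO $db, array $session): void {
    $db->exec("DELETE FROM org WHERE memid='" . $session['_config']['memid'] . "'");
}

// Hardened source: only a positive decimal integer ever reaches the session.
function storeValidated(array &$session, $memid): bool {
    $id = filter_var($memid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) { return false; }
    $session['_config']['memid'] = $id;
    return true;
}
// Hardened sink: the value is bound as an integer, never spliced into SQL text.
function deleteBound(PDO $db, array $session): void {
    $stmt = $db->prepare('DELETE FROM org WHERE memid = :memid');
    $stmt->bindValue(':memid', (int) $session['_config']['memid'], PDO::PARAM_INT);
    $stmt->execute();
}

$crafted = "10' OR '1'='1";  // constructed request value
$session = []; seed($db);
storeUnparsed($session, $crafted);
deleteConcatenated($db, $session);
printf("unparsed + concatenated: %d of 3 rows left\n", rowsLeft($db));

$session = []; seed($db);
printf("validated store accepts crafted value: %s\n", var_export(storeValidated($session, $crafted), true));
storeValidated($session, '10');
deleteBound($db, $session);
printf("validated + bound: %d of 3 rows left\n", rowsLeft($db));
```

Validating where the value enters the session and binding it where it reaches SQL are independent controls: either one alone stops the stored value from changing the query, and keeping both means a page that trusts the session does not depend on every writer having parsed it first.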

Issue History

Date Modified Username Field Change
2006-03-04 11:29 bluec New Issue
2006-03-05 21:43 bluec Category website content => source code
2006-08-16 13:44 duane Relationship added related to 0000164
2006-08-16 13:44 duane Status new => needs work
2006-08-16 13:44 duane Assigned To => bluec
2006-08-16 13:46 duane Status needs work => solved?
2006-08-16 13:46 duane Fixed in Version => production
2006-08-16 13:46 duane Resolution open => fixed
2006-08-16 13:46 duane Note Added: 0000524
2006-08-16 16:38 duane Relationship added related to 0000129
2007-10-24 06:05 evaldo Reporter bluec => aanriot
2007-10-24 06:05 evaldo Assigned To bluec =>
2007-10-24 06:05 evaldo Status solved? => closed
2013-01-13 17:00 Werner Dworak Fixed in Version => 2006