View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0012341CDashpublic2011-07-14 23:142011-12-23 08:26
ReporterEmmanuel Christophe 
Assigned ToJulien Jomier 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version2.0 
Summary0012341: Test names not escaped
DescriptionTests names are not escaped for "<" and ">" leading to this error:
Warning: DOMDocument::loadXML() [domdocument.loadxml]: StartTag: invalid element name in Entity, line: 17 in /var/www/Dashboard/cdash/common.php on line 42

There might be a potential for injection attacks.

(with cdash 1.8.2)
Steps To ReproduceSubmit a test with a name such as:
test<->1234
TagsNo tags attached.
Attached Files

 Relationships

  Notes
(0028062)
Julien Jomier (manager)
2011-12-23 08:26

Thanks for the report

 Issue History
Date Modified Username Field Change
2011-07-14 23:14 Emmanuel Christophe New Issue
2011-12-23 08:17 Julien Jomier Assigned To => Julien Jomier
2011-12-23 08:17 Julien Jomier Status new => assigned
2011-12-23 08:26 Julien Jomier Note Added: 0028062
2011-12-23 08:26 Julien Jomier Status assigned => resolved
2011-12-23 08:26 Julien Jomier Fixed in Version => 2.0
2011-12-23 08:26 Julien Jomier Resolution open => fixed


Copyright © 2000 - 2018 MantisBT Team