Thread: New bug found in Manager

  1. #1

    New bug found in Manager

    If I find a bug this year, assuming the world still exists, will I get another gift if one is shipped out at Christmas?

    That aside, I have found another bug.

    Home > Dedicated servers > Services > Management of your installation templates (BETA)

    You can create a template with a ' character in it.

    This causes issues with the HTML for the web page (you cannot click on the edit/delete buttons).

    The issue is that the web page uses ' for onclick= (in this case AjaxDelete)

    Code:
    onclick="AjaxDelete('Greg's server')"

    It can be fixed in one of two ways:

    1: escape the name
    Code:
    onclick="AjaxDelete('Greg\'s server')"

    2: strip the ' character from your database and prevent the use of '

    1 is easy and a minor change to your backend
    2 would be a major pain.

    I verified that the first option worked by editing the HTML (Chrome browser ftw!) and changing 'Greg's server' to 'Greg\'s server', which allowed me to edit, delete, etc. the template.

    Offending code:
    Code:
    <img src="images/icons/small/delete.gif" alt="delete the template" title="delete" style="cursor: pointer; border-color: initial; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-top-style: solid; border-right-style: solid; border-bottom-style: solid; border-left-style: solid; border-color: initial; border-image: initial; padding-top: 2px; padding-right: 2px; padding-bottom: 2px; padding-left: 2px; " onmouseover="mouseOver(this)" onmouseout="mouseOut(this)" onclick="AjaxDelete('Greg's server')" ovhtr:qtlid_src="250844" ovhtr:qtlid_alt="256539" ovhtr:qtlid_title="256551">

  2. #2

    Re: New bug found in Manager

    I note that after almost 7 months this bug still exists.

    I know that the feature is in beta but the bug could be a showstopper, or even an exploit vector.
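
The handler quoted in this thread places a stored name inside a JavaScript string that itself sits inside an HTML attribute, so the value passes through two parsers. The following is an added example (not part of the thread and not the Manager's own code; all function names are hypothetical and the sample names are constructed) that encodes for both layers and checks the round trip.

```javascript
// Added example; helper names are hypothetical, sample names are constructed.

// Layer 1: make the value safe inside a single-quoted JS string literal.
// Every character outside [A-Za-z0-9 _.-] becomes \uXXXX, so quotes,
// backslashes and newlines cannot terminate the string.
function jsStringEscape(value) {
  return String(value).replace(/[^A-Za-z0-9 _.-]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Layer 2: make text safe inside a double-quoted HTML attribute.
function htmlAttrEscape(value) {
  return String(value)
    .replace(/&/g, "&amp;").replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Build the onclick attribute: JS-escape the name, then HTML-escape the handler.
function deleteHandlerAttr(templateName) {
  const js = "AjaxDelete('" + jsStringEscape(templateName) + "')";
  return 'onclick="' + htmlAttrEscape(js) + '"';
}

// Alternative without inline script: carry the name as data and bind the
// handler with addEventListener, reading element.dataset.templateName.
function deleteButtonDataAttr(templateName) {
  return 'data-template-name="' + htmlAttrEscape(templateName) + '"';
}

// Stand-in for the browser: decode the attribute value once, run the handler
// with a stub AjaxDelete, and return the argument the stub received.
function simulateClick(attr) {
  const raw = attr.slice('onclick="'.length, -1);
  const decoded = raw.replace(/&(amp|quot|lt|gt|#39);/g, (m, e) =>
    ({ amp: "&", quot: '"', lt: "<", gt: ">", "#39": "'" })[e]);
  let received;
  new Function("AjaxDelete", decoded)((name) => { received = name; });
  return received;
}

const samples = ["Greg's server", 'rack "A" & B', "C:\\images\\new", "&#39; literal"];
for (const name of samples) {
  const attr = deleteHandlerAttr(name);
  console.log(attr, "->", JSON.stringify(simulateClick(attr)));
}
```
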
