Bug #2294
closedOutput from CSRF magic mangles files in Diagnostics > Edit File
100%
Description
Somehow CSRF Magic code is ending up in the text when you edit a file in Diagnostics > Edit file. One example is with /etc/inc/auth.inc.
Line 106 should be (on RELENG_2_0):echo "<html><head><title>" . gettext("Redirecting...") . "</title></head><body>" . gettext("Redirecting to the dashboard...") . "</body></html>";
But it ends up being:echo "<html><head><title>" . gettext("Redirecting...") . "</title><script type="text/javascript">if (top != self) {top.location.href = self.location.href;}</script><script type="text/javascript">var csrfMagicToken = "sid:61313518f80bc98672eca7a8eb590661fee56563,1331764222";var csrfMagicName = "__csrf_magic";</script><script src="/csrf/csrf-magic.js" type="text/javascript"></script></head><body>" . gettext("Redirecting to the dashboard...") . "<script type="text/javascript">CsrfMagic.end();</script></body></html>";
If someone isn't careful, they could corrupt a system file just by attempting a minor edit here.
Updated by Chris Buechler almost 13 years ago
- Status changed from New to Assigned
- Assignee set to Darren Embry
Updated by Darren Embry almost 13 years ago
- Status changed from Assigned to Resolved
- % Done changed from 0 to 100