Project

General

Profile

Actions
Copy link

Bug #465

closed

Description input validation too strict

Added by Chris Buechler about 14 years ago. Updated almost 14 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Web Interface
Target version:
2.0
Start date:
04/01/2010
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0
Affected Architecture:

Description

The input validation on description fields in firewall rules at a minimum, possibly elsewhere, is too strict. The default LAN description in 1.2.x isn't allowed, "Default LAN > any". I see it's changed to remove that default, but we cannot make rules on countless thousands of systems uneditable after they upgrade, that has to be changed back to allow ">".

Actions
Copy link
 #1

Updated by Ermal Luçi almost 14 years ago

  • Status changed from New to Feedback

We can encode all description fields with base64 so no problems should arise.

Agreed?

Actions
Copy link
 #2

Updated by Jim Pingle almost 14 years ago

That may be too harsh. Having those descriptions be readable in the config.xml is a large benefit, IMHO.

Actions
Copy link
 #3

Updated by Erik Fonnesbeck almost 14 years ago

It also might work to encode the characters using HTML and depend on the web browser to decode the text, instead of having to add code for decoding it before sending it out to the browser.

Actions
Copy link
 #4

Updated by Seth Mos almost 14 years ago

  • Status changed from Feedback to Resolved

stripping the < character before comparison works here. Confirmed that it still triggers on <

Actions
Copy link

Also available in: Atom PDF