Project

General

Profile

Actions
Copy link

Bug #5218

closed

CSRF magic modifies content in pfSense interface

Added by Diego Queiroz over 8 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Web Interface
Target version:
-
Start date:
09/30/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2.4
Affected Architecture:
amd64

Description

When you edit any field in pfSense GUI (usually HTML <textarea>) that contains HTML data inside (usually HTML files), the content is modified by CSRF magic.

Steps to reproduce:
  • Edit an HTML file using pfSense GUI (using Filer package, for example).
  • Every time you open the file, notice that before each </body> tag, now there is an <script type="text/javascript">CsrfMagic.end();</script>.

Using 2.2.4-RELEASE (amd64) - built on Sat Jul 25 19:57:37 CDT 2015 - FreeBSD 10.1-RELEASE-p15
This bug appear to be related with #2294.

Actions
Copy link
 #1

Updated by Chris Buechler almost 8 years ago

  • Status changed from New to Closed

not an issue in >=2.3

Actions
Copy link
 #2

Updated by Raffaele Candeliere over 7 years ago

No, it's back again on my installation (2.3.2), in my case while editing php files with embedded html

Actions
Copy link

Also available in: Atom PDF