Bug #5218: CSRF magic modifies content in pfSense interface - pfSense - pfSense bugtracker

Actions

Copy link

Bug #5218

closed

CSRF magic modifies content in pfSense interface

Added by Diego Queiroz over 9 years ago. Updated over 8 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Web Interface

Target version:

Start date:

09/30/2015

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.2.4

Affected Architecture:

amd64

Description

When you edit any field in pfSense GUI (usually HTML <textarea>) that contains HTML data inside (usually HTML files), the content is modified by CSRF magic.

Steps to reproduce:

Edit an HTML file using pfSense GUI (using Filer package, for example).
Every time you open the file, notice that before each </body> tag, now there is an <script type="text/javascript">CsrfMagic.end();</script>.

Using 2.2.4-RELEASE (amd64) - built on Sat Jul 25 19:57:37 CDT 2015 - FreeBSD 10.1-RELEASE-p15
This bug appear to be related with #2294.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #5218

CSRF magic modifies content in pfSense interface

Updated by Chris Buechler almost 9 years ago

Updated by Raffaele Candeliere over 8 years ago