Edgewall Software

Ticket #2777 (closed defect: fixed)

Opened 3 years ago

Last modified 3 years ago

html processor trivially exploited to make pages completely unrenderable

Reported by: exarkun@… Owned by: cmlenz
Priority: high Milestone: 0.9.5
Component: wiki system Version: 0.9.4
Severity: normal Keywords:
Cc:

Description

By adding an invalid entity inside a section of markup using the html processor, trac can be made to render an error page with no content and no buttons for undoing the damage. Presumably the page will remain in this state until an admin manually fixes the database.

An example of this is: 

{{{
#!html
&junk;
}}}

Attachments

Change History

Changed 3 years ago by athomas

A workaround is to manually append ?action=edit at the end of the URL. This will at least let you remove the offending HTML.

Changed 3 years ago by cmlenz

  • owner changed from jonas to cmlenz
  • status changed from new to assigned
  • severity changed from critical to normal
  • milestone set to 0.9.5

Changed 3 years ago by anonymous

  • status changed from assigned to closed
  • resolution set to fixed

Changed 3 years ago by anonymous

  • status changed from closed to reopened
  • resolution fixed deleted

Changed 3 years ago by cmlenz

  • status changed from reopened to closed
  • resolution set to fixed
  • component changed from general to wiki

Fixed in [2969] and [2970].

Add/Change #2777 (html processor trivially exploited to make pages completely unrenderable)

Author



Change Properties
<Author field>
Action
as closed
Next status will be 'reopened'
 
Note: See TracTickets for help on using tickets.