Ticket #2777 (closed defect: fixed)
Opened 6 years ago
Last modified 6 years ago
html processor trivially exploited to make pages completely unrenderable
| Reported by: | exarkun@… | Owned by: | cmlenz |
|---|---|---|---|
| Priority: | high | Milestone: | 0.9.5 |
| Component: | wiki system | Version: | 0.9.4 |
| Severity: | normal | Keywords: | |
| Cc: | | | |
| Release Notes: | | | |
| API Changes: | | | |
Description
By adding an invalid entity inside a section of markup using the html processor, Trac can be made to render an error page with no content and no buttons for undoing the damage. Presumably the page will remain in this state until an admin manually fixes the database.
An example of this is:
{{{
#!html
&junk;
}}}
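Added illustration of the fix direction described in this ticket (not code from Trac or from the ticket itself): parse each `#!html` block strictly, but confine a parse failure to that one block so the rest of the page still renders and the edit controls stay reachable. Function names are hypothetical, and Python's expat-based ElementTree stands in for the wiki processor's own parser.

```python
import xml.etree.ElementTree as ET
from html import escape


def render_page_unguarded(blocks):
    """Before: a parse error in one block propagates and the whole page fails.

    This reproduces the reported behaviour: `&junk;` is an undefined entity,
    so the strict parser raises and nothing (not even the edit button) renders.
    """
    return "\n".join(
        ET.tostring(ET.fromstring("<div>%s</div>" % body), encoding="unicode")
        if kind == "html" else "<p>%s</p>" % escape(body)
        for kind, body in blocks
    )


def render_html_block(markup):
    """Render one `#!html` block. Returns (ok, html).

    The block is still parsed strictly (note: expat only knows the XML
    predefined entities, so HTML names like &nbsp; are rejected as well),
    but a failure is turned into an escaped error fragment for this block
    only instead of aborting the page render.
    """
    try:
        # Wrap in a root element so fragments with several top-level nodes parse.
        ET.fromstring("<div>%s</div>" % markup)
    except ET.ParseError as exc:
        return False, '<div class="system-message">Invalid HTML block: %s</div>' % escape(str(exc))
    return True, markup


def render_page(blocks):
    """After: render a list of ("wiki", text) / ("html", markup) blocks; never raises."""
    out = []
    for kind, body in blocks:
        if kind == "html":
            _ok, html = render_html_block(body)
            out.append(html)
        else:
            out.append("<p>%s</p>" % escape(body))
    return "\n".join(out)


def validate_html_block(markup):
    """Save-time check: returns an error fragment, or None if the block is acceptable.

    Running this before the page is stored lets the editor reject the
    offending block, so the database never holds an unrenderable page.
    """
    ok, html = render_html_block(markup)
    return None if ok else html
```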
Attachments
Change History
comment:1 Changed 6 years ago by athomas
comment:2 Changed 6 years ago by cmlenz
- Milestone set to 0.9.5
- Owner changed from jonas to cmlenz
- Severity changed from critical to normal
- Status changed from new to assigned
comment:3 Changed 6 years ago by anonymous
- Resolution set to fixed
- Status changed from assigned to closed
comment:4 Changed 6 years ago by anonymous
- Resolution fixed deleted
- Status changed from closed to reopened
comment:5 Changed 6 years ago by cmlenz
- Component changed from general to wiki
- Resolution set to fixed
- Status changed from reopened to closed
A workaround is to manually append ?action=edit at the end of the URL. This will at least let you remove the offending HTML.