Modify ↓
Opened 19 years ago
Closed 19 years ago
#2777 closed defect (fixed)
html processor trivially exploited to make pages completely unrenderable
| Reported by: | Owned by: | Christopher Lenz | |
|---|---|---|---|
| Priority: | high | Milestone: | 0.9.5 |
| Component: | wiki system | Version: | 0.9.4 |
| Severity: | normal | Keywords: | |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
By adding an invalid entity inside a section of markup using the html processor, trac can be made to render an error page with no content and no buttons for undoing the damage. Presumably the page will remain in this state until an admin manually fixes the database.
An example of this is:
{{{
#!html
&junk;
}}}
Attachments (0)
Change History (5)
comment:1 by , 19 years ago
comment:2 by , 19 years ago
| Milestone: | → 0.9.5 |
|---|---|
| Owner: | changed from to |
| Severity: | critical → normal |
| Status: | new → assigned |
comment:3 by , 19 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
comment:4 by , 19 years ago
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
comment:5 by , 19 years ago
| Component: | general → wiki |
|---|---|
| Resolution: | → fixed |
| Status: | reopened → closed |
Note:
See TracTickets
for help on using tickets.
A workaround is to manually append
?action=editat the end of the URL. This will at least let you remove the offending HTML.