  1. Moodle
  2. MDL-52068

String not sanitized before passing it to JavaScript in Repository

    • MOODLE_29_STABLE
    • MOODLE_29_STABLE, MOODLE_30_STABLE
    • MDL-52068-master
      1. Set up your Dropbox repository
      2. Edit the language string lang/en/repository cannotaccessparentwin and include single quotes, double quotes, special characters.
      3. Purge all caches
      4. Go to private files and select Dropbox in the file picker (log out if you're logged in)
      5. Log in, and make sure:
        • you don't see any JS errors
        • the popup where you enter your Dropbox credentials closes automatically

      Because of an erroneous Hebrew translation, which included quote marks, we found that in passing the string token to the JS alert function, https://github.com/moodle/moodle/blob/master/repository/repository_callback.php#L80, a JS error occurred which halted the authentication process between Moodle and the Google Drive repository.

      We suggest that the string passed to JavaScript should be sanitized.
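
The failure described in this report and one way to avoid it, as an added example that is not Moodle's code or its fix: the function names and the sample string are constructed for illustration. A translated string is interpolated into an inline `alert(...)` call, first raw and then serialised as a JavaScript string literal, and the generated script is compiled to show which one still parses.

```javascript
// Constructed sample: a translation containing both quote styles,
// a newline and a closing script tag.
const SAMPLE = 'Can\'t access "parent" window\n</script>';

// Before: the string is pasted between single quotes as-is, so a quote
// inside the translation ends the literal early and the script fails to parse.
function renderUnsafe(msg) {
  return `alert('${msg}');`;
}

// After: emit a JS string literal. JSON.stringify escapes quotes,
// backslashes and control characters; the extra replacements keep the
// literal from being read as markup by the HTML parser around the script,
// and cover the two line separators that older JS engines treat as newlines.
function jsLiteral(msg) {
  return JSON.stringify(String(msg))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderSafe(msg) {
  return `alert(${jsLiteral(msg)});`;
}

// Compile and run a generated script with a stub alert(); return what the
// stub received, or the name of the error that stopped the script.
function runScript(source) {
  const seen = [];
  try {
    new Function('alert', source)((m) => seen.push(m));
    return { ok: true, seen };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

console.log(runScript(renderUnsafe(SAMPLE)));
console.log(runScript(renderSafe(SAMPLE)));
```

In PHP the equivalent serialisation step is `json_encode()` with the `JSON_HEX_TAG`, `JSON_HEX_AMP`, `JSON_HEX_APOS` and `JSON_HEX_QUOT` flags.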

            Frédéric Massart (fred)
            Lea Cohen (leac)
            Dan Poltawski
            David Monllaó
            Rajesh Taneja
            Votes: 0
            Watchers: 6