#487 closed Defect (fixed)
< > in boinc_teams.xml <description> need to be HTML coded
| Reported by: | Ananas | Owned by: | davea |
|---|---|---|---|
| Priority: | Blocker | Milestone: | Undetermined |
| Component: | Web - Project | Version: | |
| Keywords: | boincwide teams management | Cc: | |
Description
Currently everyone can mess up boinc_teams.xml or add dummy teams by just inserting the expected XML tags into his team description (starting with closing his own description), like:

```
</description>
<country>International</country>
<id>999</id>
<user_email_munged>UvfBja@rznvy.pbz</user_email_munged>
<user_name>HisOwnName</user_name>
</team>
<team>
... n records of data for fake teams ...
<description> That was easy
```

So the description string needs to be HTML Entity encoded; at least > and < are necessary.
Change History (5)
comment:1 Changed 18 years ago by
| Priority: | Major → Blocker |
|---|---|
comment:2 Changed 18 years ago by
comment:3 Changed 18 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
comment:5 Changed 18 years ago by
Yes - they'll get team names/descriptions with HTML-escaped chars. These will go back to normal when the project upgrades and runs team_import.php.

p.s.: I haven't tested that, it's from looking at the file contents and reading the code that extracts the records.
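
The encoding asked for in the description, and the round trip mentioned in comment:5, shown as an added example that is not BOINC's code and is not part of the ticket. Python stands in for the project's PHP; the reduced team schema, the `name` field, the function names and the use of a standard XML parser on the import side are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape  # encodes &, < and >

# Constructed sample data: one ordinary team and one whose description
# closes its own element and opens an extra <team> record.
TEAMS = [
    {"id": 1, "name": "Honest Team", "description": "Plain text team"},
    {"id": 2, "name": "Injector",
     "description": "x</description><id>999</id></team>"
                    "<team><name>Fake</name><description>That was easy"},
]

def export_teams(teams, encode):
    """Serialize teams; encode=False reproduces the behaviour reported above."""
    enc = escape if encode else (lambda s: s)
    rows = ["<teams>"]
    for t in teams:
        rows.append(
            "<team><id>%d</id><name>%s</name><description>%s</description></team>"
            % (t["id"], enc(t["name"]), enc(t["description"])))
    rows.append("</teams>")
    return "\n".join(rows)

def import_teams(xml_text):
    """Parse an export; the parser decodes entities back to the stored text."""
    root = ET.fromstring(xml_text)
    return [{"ids": [e.text for e in t.findall("id")],
             "name": t.findtext("name"),
             "description": t.findtext("description")}
            for t in root.findall("team")]

if __name__ == "__main__":
    for encode in (False, True):
        teams = import_teams(export_teams(TEAMS, encode))
        print("encode=%s -> %d team records" % (encode, len(teams)))
        for t in teams:
            print("   ", t)
```

Without encoding, the two stored teams come back as three records and the second one carries two `<id>` values; with encoding, the importer sees two records and the description text is returned unchanged.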