This queue is for tickets about the Catalyst-Manual CPAN distribution.

Report information
The Basics
Id: 62095
Status: resolved
Priority: 0/
Queue: Catalyst-Manual

People
Owner: HKCLARK [...] cpan.org
Requestors: RENTOCRON [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: (no value)
Fixed in: (no value)



Subject: [with solution] 1: Possible XSS attack 2: persistent message on /login

Hello!

Context: http://search.cpan.org/~hkclark/Catalyst-Manual-5.8004/lib/Catalyst/Manual/Tutorial/04_BasicCRUD.pod

First, an XSS attack is open when adding status_msg to the URL ({status_msg => "Book deleted."}). This really isn't a worry, because this technique gets removed in the next tutorial (when flash is used). The solution is to add | html in wrapper.tt2; change:

<span class="message">[% status_msg || c.request.params.status_msg %]</span>

to:

<span class="message">[% status_msg || c.request.params.status_msg | html %]</span>

-------

Two, Context: http://search.cpan.org/~hkclark/Catalyst-Manual-5.8004/lib/Catalyst/Manual/Tutorial/05_Authentication.pod

In the /login method (sub index :Path :Args(0) {), when you are logged in and return to the page, you get the message "Empty username or password." even though you didn't make a POST, because you are already logged in. To stop this message from appearing when you haven't POSTed and are already logged in, you can add an unless condition such as:

$c->stash(error_msg => "Empty username or password.") unless ($c->user_exists);

Thanks
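Added example (not code from the ticket or from the Catalyst manual): it renders the wrapper.tt2 line quoted above with Template Toolkit, substituting a hash stub for the Catalyst context c (only c.request.params is populated, which is all the template reads) and a constructed status_msg query parameter carrying markup, so the effect of the | html filter can be seen directly.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;

# The two versions of the wrapper.tt2 line discussed in the ticket:
# as shipped in the tutorial, and with the html filter added.
my $VULNERABLE = '<span class="message">[% status_msg || c.request.params.status_msg %]</span>';
my $HARDENED   = '<span class="message">[% status_msg || c.request.params.status_msg | html %]</span>';

# Render a template with a stub standing in for the Catalyst context.
# $args{stash_status_msg} plays the role of a value set via $c->stash;
# $args{param_status_msg} plays the role of the ?status_msg= query parameter.
sub render_message {
    my ($template, %args) = @_;
    my $tt = Template->new() or die Template->error;
    my $vars = {
        status_msg => $args{stash_status_msg},
        c => { request => { params => { status_msg => $args{param_status_msg} } } },
    };
    my $out = '';
    $tt->process(\$template, $vars, \$out) or die $tt->error;
    return $out;
}

# Constructed input: the tutorial's redirect puts plain text in
# status_msg, but anyone can put markup into a query string.
my $tainted = q{<script>alert(1)</script>};

# The stash value wins when present, so a legitimate message still renders.
print "stash only: ", render_message($HARDENED, stash_status_msg => 'Book deleted.'), "\n";

# Without the filter the parameter is copied into the page unchanged;
# with it, the angle brackets are entity-encoded and the browser shows text.
print "vulnerable: ", render_message($VULNERABLE, param_status_msg => $tainted), "\n";
print "hardened:   ", render_message($HARDENED,   param_status_msg => $tainted), "\n";
```

Run with the Template module installed from CPAN; the filter is applied to the result of the whole status_msg || c.request.params.status_msg expression, so both the stash and the parameter path are escaped.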
Good suggestions. Looks like both have already been implemented as of 5.9000. I also added a clarification note about the XSS issue to Chapter 4.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.