Bug 320424 - [Webapp][Security] More vulnerabilities based on the topic parameter
Status: RESOLVED INVALID
Alias: None
Product: Platform
Classification: Eclipse Project
Component: User Assistance
Version: 3.4
Hardware: PC Windows XP
Importance: P3 normal
Target Milestone: ---
Assignee: Chris Goldthorpe CLA
QA Contact:
URL:
Whiteboard:
Keywords: security
Depends on: 320547 320548
Blocks:
Reported: 2010-07-20 13:33 EDT by Chris Goldthorpe CLA
Modified: 2011-06-10 14:22 EDT

Attachments
Patch for paths containing ..\ (925 bytes, patch)
2010-07-20 18:40 EDT, Chris Goldthorpe CLA

Description Chris Goldthorpe CLA 2010-07-20 13:33:40 EDT
The help system is still allowing some protocols to be passed in through the topic parameter despite the fix to Bug 233466.
Comment 2 Chris Goldthorpe CLA 2010-07-20 18:40:07 EDT
Created attachment 174800
Patch for paths containing ..\

There are two separate issues. One is that on Windows ..\ can be passed into the URL and is eventually interpreted as part of a path in the file system. This patch fixes that problem.
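
Added example (not part of the comment above, the attached patch, or the Eclipse code base): one way to validate a topic value so that ..\ is caught as well as ../ and a scheme prefix is refused. The class and method names are hypothetical, the sample inputs are constructed, and the policy assumes topic values are plug-in-relative paths that never legitimately contain ':' or '%'.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;

/** Hypothetical helper for illustration; not the help system's own code. */
public class TopicPathCheck {

    /** Returns true only for a path with no scheme, drive letter or ".." segment. */
    static boolean isSafeTopicPath(String rawTopic) {
        if (rawTopic == null || rawTopic.isEmpty()) {
            return false;
        }
        String topic;
        try {
            // Decode once so %2e%2e%5c is checked in the form later layers see.
            topic = URLDecoder.decode(rawTopic, "UTF-8");
        } catch (UnsupportedEncodingException | IllegalArgumentException e) {
            return false; // malformed percent-escape: reject rather than guess
        }
        // A '%' left after one decode means double encoding; NUL is never valid.
        if (topic.indexOf('%') >= 0 || topic.indexOf('\0') >= 0) {
            return false;
        }
        // Windows file APIs accept '\' as a separator, so treat it like '/'.
        String normalized = topic.replace('\\', '/');
        // ':' covers both scheme prefixes ("file:") and drive letters ("C:").
        if (normalized.indexOf(':') >= 0) {
            return false;
        }
        for (String segment : normalized.split("/")) {
            if (segment.equals("..")) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs, not taken from the bug
            "/org.example.doc/topics/intro.html",
            "/org.example.doc/..\\..\\secret.txt",
            "/org.example.doc/%2e%2e%5csecret.txt",
            "/org.example.doc/%252e%252e/secret.txt",
            "file:///C:/secret.txt",
        };
        for (String s : samples) {
            System.out.println((isSafeTopicPath(s) ? "allow  " : "reject ") + s);
        }
    }
}
```

A check that only looks for "../" passes the second and third samples; normalizing the separator before splitting into segments is what closes that gap.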
Comment 3 Chris Goldthorpe CLA 2010-07-21 16:05:11 EDT
There were two distinct and different problems described in this bug report. I have created two new bugs - Bug 320547 and Bug 320548 to track these. I am closing this bug and leaving the security flag on.
Comment 4 John Arthorne CLA 2011-06-10 14:22:07 EDT
Removing security restriction for bugs that have been fixed in 3.6.2 or earlier.