
Key: OX-3997
Type: Bug
Status: Closed
Resolution: Fixed
Priority: Major
Assignee: Miguel Correa
Reporter: Lukasz Wikierski
Votes: 0
Watchers: 0
OpenX Ad Server

HTML injection into Delivery Limitations

Created: 04/Sep/08 11:51 AM   Updated: 17/Jul/09 10:45 AM
Component/s: OXP: User Interface
Affects Version/s: OpenX 2.4.8, OpenX 2.6.2, OpenX 2.7.16-dev, OpenX 2.7.27-beta
Fix Version/s: OpenX 2.4.9, OpenX 2.7.26-beta, Milestone 24, OpenX 2.6.3, Milestone 32, OpenX 2.8.2
Security Level: Public (All users can see these issues)

Time Tracking:
Original Estimate: 4h
Remaining Estimate: 2.75h
Time Spent: 1.25h

Issue Links:
Reference
 

Passed QA Version/s: OpenX 2.6.3 and OpenX 2.8.2


Description
TC:
Create Banner and add Delivery limitation in Delivery Options tab (banner-acl.php).
Enter e.g.:
'> <iframe src="http://google.com" height="200"> </iframe> <div style='
into input fields

OpenX 2.6/2.7 plugins affected:
Site: Variable
Geo: Country / City
Geo: Latitude/Longitude

A similar problem is in 2.4, but there the single quote and quote ( ' " ) are escaped by a backslash ( \ ), so use this string to add an iframe:
'> <iframe src=http://google.com height=200> </iframe> <div
OpenX 2.4 plugins affected:
Geo: Country / City
Geo: Latitude/Longitude
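
The test case above, reduced to a stand-alone PHP sketch (added here for illustration, not taken from the OpenX code base or the referenced changesets). It assumes the field value is written into a single-quoted value attribute, uses hypothetical function names, and compares unencoded output, backslash-escaped output as described for 2.4, and output encoded with htmlspecialchars:

```php
<?php
// Added illustration; function names are hypothetical, not OpenX code.
// Assumption: the limitation value is echoed into a single-quoted attribute.

// Vulnerable pattern: the value is concatenated with no HTML encoding.
function render_field_unsafe(string $name, string $value): string
{
    return "<input type='text' name='" . $name . "' value='" . $value . "'>";
}

// Behaviour the report describes for 2.4: quotes get a backslash prefix.
// Backslash is not an escape character in HTML, so ' still ends the attribute.
function render_field_backslash(string $name, string $value): string
{
    return render_field_unsafe($name, addslashes($value));
}

// Hardened: encode for the HTML attribute context at output time.
function render_field_safe(string $name, string $value): string
{
    $enc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type='text' name='" . $enc($name) . "' value='" . $enc($value) . "'>";
}

// True when the rendered markup contains an element other than the one <input>.
function has_injected_markup(string $html): bool
{
    return preg_match_all('/<[a-zA-Z]/', $html) > 1;
}

// The two test strings from the issue description.
$cases = [
    '2.6/2.7' => "'> <iframe src=\"http://google.com\" height=\"200\"> </iframe> <div style='",
    '2.4'     => "'> <iframe src=http://google.com height=200> </iframe> <div",
];
$renderers = ['render_field_unsafe', 'render_field_backslash', 'render_field_safe'];

foreach ($renderers as $render) {
    foreach ($cases as $version => $payload) {
        $html = $render('data', $payload);
        printf("%-22s %-7s injected=%s\n", $render, $version,
            has_injected_markup($html) ? 'yes' : 'no');
    }
}
```

Only the htmlspecialchars variant leaves the single input element as the sole tag in the output for both strings.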



Change by Lukasz Wikierski - 04/Sep/08 11:51 AM
Field Original Value New Value
Status Needs Verification [ 10000 ] Verified [ 10001 ]

Change by andrew.hill - 01/Oct/08 02:33 PM
Status Verified [ 10001 ] Open [ 1 ]

Change by andrew.hill - 01/Oct/08 02:33 PM
Original Estimate 4h [ 14400 ]
Remaining Estimate 4h [ 14400 ]
Assignee Andrew Hill [ andrew.hill ] Chris Nutting [ chris.nutting ]
Fix Version/s OpenX 2.4.9 [ 10360 ]
Fix Version/s OpenX 2.6.2 [ 10364 ]
Fix Version/s OpenX 2.7.26-beta [ 10450 ]
Fix Version/s Milestone 24 [ 10464 ]

Change by david.keen - 08/Oct/08 11:16 AM
Fix Version/s OpenX 2.6.3 [ 10485 ]
Fix Version/s OpenX 2.6.2 [ 10364 ]

Change by Monique Szpak - 13/Oct/08 10:54 AM
Assignee Chris Nutting [ chris.nutting ] Monique Szpak [ monique.szpak ]

Change by Monique Szpak - 13/Oct/08 10:54 AM
Status Open [ 1 ] In Progress [ 3 ]

Change by Monique Szpak - 13/Oct/08 12:36 PM
Status In Progress [ 3 ] Open [ 1 ]

Change by Monique Szpak - 13/Oct/08 12:37 PM
Assignee Monique Szpak [ monique.szpak ] Miguel Correa [ miguel.correa ]

Change by Miguel Correa - 14/Oct/08 10:13 AM
Link This issue is referenced by OX-3998 [ OX-3998 ]

Miguel Correa - 14/Oct/08 11:22 AM - edited
Bug fixed in OpenX v2.4.10-rc2

Changeset:
https://museum.openx.org/trac/developer/changeset/27305


Change by Miguel Correa - 14/Oct/08 11:23 AM
Remaining Estimate 4h [ 14400 ] 3.33h [ 12000 ]
Time Spent 0.67h [ 2400 ]

Miguel Correa - 14/Oct/08 11:40 AM
Time Worked: 0.67h
<No comment>
Miguel Correa - 14/Oct/08 11:52 AM
Bug fixed in OpenX v2.7.26-beta-rc5 for the Geo:Latitude/Longitude case (Site:Variable and Geo:Country/City are fixed in OX-3998)

Changeset:
https://museum.openx.org/trac/developer/changeset/27307


Miguel Correa - 14/Oct/08 12:01 PM - edited
Bug fixed in OpenX v2.6.3-rc2 for the Geo:Latitude/Longitude case (Site:Variable and Geo:Country/City are fixed in OX-3998)

Changeset:
https://museum.openx.org/trac/developer/changeset/27308


Change by Miguel Correa - 14/Oct/08 12:02 PM
Remaining Estimate 3.33h [ 12000 ] 2.75h [ 9900 ]
Time Spent 0.67h [ 2400 ] 1.25h [ 4500 ]

Change by Miguel Correa - 14/Oct/08 12:04 PM
Status Open [ 1 ] Resolved [ 5 ]
Resolution Fixed [ 1 ]

Miguel Correa - 14/Oct/08 12:25 PM
Time Worked: 0.58h
<No comment>
Change by Sue Houghton - 15/Oct/08 08:57 AM
QA Notes Resolved in 2.6.3-rc3

Change by Sue Houghton - 15/Oct/08 10:45 AM
QA Notes Resolved in 2.6.3-rc3 Resolved in 2.6.3-rc3
test edit

Change by Sue Houghton - 15/Oct/08 10:45 AM
QA Notes Resolved in 2.6.3-rc3
test edit
Resolved in 2.6.3-rc3

Change by Sue Houghton - 16/Oct/08 02:17 PM
QA Notes Resolved in 2.6.3-rc3
Resolved in 2.6.3-rc2

Sue Houghton - 17/Oct/08 10:33 AM
Passed retest in 2.6.3-rc2

Change by Sue Houghton - 17/Oct/08 10:33 AM
QA Notes Resolved in 2.6.3-rc2
Passed QA Version/s OpenX 2.6.3 [ 10485 ]

Sue Houghton - 03/Nov/08 01:31 PM
Added affects version = 2.7.27-beta for bug triage purposes.

Change by Sue Houghton - 03/Nov/08 01:31 PM
Affects Version/s  OpenX 2.7.27-beta [ 10487 ]

Change by Sue Houghton - 04/Nov/08 03:33 PM
Resolution Fixed [ 1 ]
Status Resolved [ 5 ] Reopened [ 4 ]

Change by Sue Houghton - 04/Nov/08 03:33 PM
Security Private [ 10064 ] Public [ 10060 ]

Change by andrew.hill - 27/Feb/09 12:02 PM
Assignee Miguel Correa [ miguel.correa ] Andrew Hill [ andrew.hill ]

Miguel Correa - 04/Jun/09 09:21 AM
Changes applied in 2.6 are applied in trunk as well.

Change by Miguel Correa - 04/Jun/09 09:21 AM
Status Reopened [ 4 ] Resolved [ 5 ]
Assignee Andrew Hill [ andrew.hill ] Miguel Correa [ miguel.correa ]
Fix Version/s OpenX 2.8.2 [ 10910 ]
Fix Version/s Milestone 32 [ 10909 ]
Resolution Fixed [ 1 ]

Change by Joanna Mazgaj - 17/Jul/09 10:44 AM
Passed QA Version/s OpenX 2.6.3 [ 10485 ] OpenX 2.6.3, OpenX 2.8.2 [ 10485, 10910 ]

Change by Joanna Mazgaj - 17/Jul/09 10:45 AM
Status Resolved [ 5 ] Closed [ 6 ]