You are here: Foswiki>Tasks Web>Item13301 (05 Jul 2015, GeorgeClark)Edit Attach

Item13301: Single quotes are incorrectly encoded in query params. Breaks WebSearch and other pages.

pencil
Priority: Security
Current State: Closed
Released In: 2.0.0
Target Release: major
Applies To: Engine
Component: SEARCH, UrlHandling
Branches: master
Reported By: GuilainCabannes
Waiting For:
Last Change By: GeorgeClark

WebSearch topic crashes with a query search

Test case

  • go to trunk.foswiki.org
  • then, go to WebSearch
  • type name~'*whatyouwant*'
  • [optionnal] in advanced search tab, select query search
  • result is a small html page, break, see result below

Result

  • see image below
  • tested on :
    • opera 12.16 - 32 bits under linux
    • iceweasel 31.5.0 - 32 bits under linux
webSearchCrash.png
illustration of crash

Comments

  • same test case works well on v1.1.9

-- GuilainCabannes - 09 Mar 2015

The bug is caused by the use of the single quote in the search field. It's ending up in the html unencoded in the url parameters. This is related to the HTML conversion to use single quotes. The difference on Foswiki 1.1 is that the URLs are generated: using double-quotes. ...

On further digging, there are definitely quoting issues, but 1.1. has the same issues. Firefox "view source" complains about the HTML. But the problem is in the Change Language tag, which also uses a redirectto, which is actually truncated at the first single quote.

-- GeorgeClark - 09 Mar 2015

You can create it on any page on trunk by using single quotes in the URL.

http://trunk.foswiki.org/Main/WebHome?foo='bar'

-- GeorgeClark - 09 Mar 2015

Note that Foswiki 1.1.9 also has issues with the language selector when single quotes are used in the query string. Not as severe, but I note that the bottom of the page copyright info ends up in the top of the page.

-- GeorgeClark - 09 Mar 2015

Bumped to Security. There might be a possible exploit if entities are not being correctly encoded. Reviewed with Crawford.

-- GeorgeClark - 09 Mar 2015
 

ItemTemplate edit

Summary Single quotes are incorrectly encoded in query params. Breaks WebSearch and other pages.
ReportedBy GuilainCabannes
Codebase trunk
SVN Range
AppliesTo Engine
Component SEARCH, UrlHandling
Priority Security
CurrentState Closed
WaitingFor
Checkins distro:0ffe965594e4 distro:878af6d11a3e distro:603cb4c218b9
TargetRelease major
ReleasedIn 2.0.0
CheckinsOnBranches master
trunkCheckins
masterCheckins distro:0ffe965594e4 distro:878af6d11a3e distro:603cb4c218b9
ItemBranchCheckins
Release01x01Checkins
Topic attachments
I Attachment Action Size Date Who Comment
webSearchCrash.pngpng webSearchCrash.png manage 18 K 09 Mar 2015 - 11:10 GuilainCabannes illustration image
Topic revision: r7 - 05 Jul 2015, GeorgeClark - This page was cached on 26 Sep 2016 - 07:31.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License