Bug #4018

closed

typeahead: long query parameter / answer triggers 'Attack detected' and purges current SIP storage.

Added by Carsten Rose over 6 years ago. Updated about 1 year ago.

Status: Closed
Priority: Normal
Assignee: Enis Nuredini
Target version:
Start date: 01.07.2017
Due date:
% Done: 0%
Estimated time:
Discuss:
Priority planning: No
Vote:

Description

  • Maybe a POST request?
  • Problem was #4009

Situation:
  • User loads form
  • Uses typeahead against UZH webpass
  • shortname as column
  • User saves and closes record
  • User opens form with saved record again
  • Form loads
  • typeAheadLdapSearchPrefetch: typeahead fires a query after form load to display the expanded LDAP search query. For this it uses the expanded value. It is not clear to CR why.
  • The expanded value exceeds the SECURITY_GET_MAX_LENGTH of 50.

Related issues

Related to QFQ - Bug #9077: typeAheadSql: report broken SQL (New, Carsten Rose, 10.09.2019)
Related to QFQ - Bug #5788: DoS string for TypeAHead (Closed, Carsten Rose, 06.04.2018)
