Ticket #182 (closed defect: fixed)

Opened 8 years ago

Last modified 8 years ago

Switch element does not check for the correct value

Reported by: schst
Owned by: argh
Priority: normal
Milestone: v0.9.0 stable
Component: Element
Version: 0.9.0-alpha
Severity: critical
Keywords:
Cc:

Description (last modified by schst)

The Switch element only checks whether any value has been passed, not the one supplied in the value attribute:

// required & empty
if( isset( $this->attributes["required"] ) && $this->attributes["required"] == "yes" && strlen( $value ) == 0 )
{
    $this->addValidationError( 1 );
    return false;
}
return true;

This might lead to problems, as the user can pass any value to the element via the request. Possibly even an XSS issue!

Change History

comment:1 Changed 8 years ago by schst

Seems this is no XSS vulnerability as the value is never displayed, but still it would be more secure to check whether the correct value has been sent by the browser and not just any value.
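
One way to write the stricter check described in this comment, as an added example that is not the project's code or the fix committed to SVN. The class name SwitchElementSketch, error code 2 and the sample values are assumptions; it needs PHP 7.4 or later and also rejects array-valued request parameters, which the original strlen() test does not handle.

```php
<?php
// Added example: hypothetical stand-in for a switch (checkbox-like) element.
// Class name, error code 2 and the sample values are assumptions.
final class SwitchElementSketch
{
    private array $attributes;
    private array $errors = [];

    public function __construct(array $attributes)
    {
        $this->attributes = $attributes;
    }

    public function validate($value): bool
    {
        $this->errors = [];
        // Request parameters can arrive as arrays (name[]=x); reject non-scalars.
        if ($value !== null && !is_scalar($value)) {
            $this->errors[] = 2;
            return false;
        }
        $value = (string) $value;
        $required = ($this->attributes['required'] ?? 'no') === 'yes';

        if ($value === '') {
            // Same rule as the ticket's snippet: nothing sent, but required.
            if ($required) {
                $this->errors[] = 1;
                return false;
            }
            return true;
        }
        // The missing check: a submitted value must equal the configured one.
        if ($value !== (string) ($this->attributes['value'] ?? '')) {
            $this->errors[] = 2;
            return false;
        }
        return true;
    }

    public function getErrors(): array { return $this->errors; }
}

// Constructed sample submissions for a required switch whose value is "accepted".
$switch = new SwitchElementSketch(['required' => 'yes', 'value' => 'accepted']);
foreach (['accepted', '', 'anything', ['x']] as $submitted) {
    $verdict = $switch->validate($submitted) ? 'valid' : 'invalid';
    printf("%-12s => %s\n", json_encode($submitted), $verdict);
}
```
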

comment:2 Changed 8 years ago by schst

  • Description modified
  • Summary changed from Set element does not check for the correct value to Switch element does not check for the correct value

comment:3 Changed 8 years ago by argh

  • Status changed from new to closed
  • Resolution set to fixed

This is fixed in SVN.
