System administration should escape data

Open joho1968 opened this issue 1 year ago • 3 comments

If I specify the string <a href="https:// åäö, this is cool!, the admin interface does not seem to work very well when I click on the Menu option. I think all output in the System administration section needs to escape configuration option values, using htmlentities() or some other mechanism.

joho1968, May 31 '23 13:05

Having said that, my "trial theme" does precisely that and seems to break the Simple Blog plugin (in one distinct place).

joho1968, May 31 '23 22:05

Hello @joho1968, when trying to reproduce the issue with a page named "åäö, this is cool!", everything worked as expected. Would you mind providing a screenshot of the issue?

robiso, Nov 01 '23 13:11

You need to enter the full HTML above: <a href="https:// åäö, this is cool! and then WonderCMS starts to behave somewhat erratically.

This is what I get when I'm in the Menu section of admin:

image

Unfortunately, it's very hard to take a screenshot after clicking on the "Edit" button for the field, but it contains a lot of strange HTML, etc.

joho1968, Nov 06 '23 08:11
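
The failure mode discussed in this thread, as an added PHP example that is not WonderCMS code and not part of any comment above: the reported string is written into a form field attribute once unescaped and once through htmlentities(), then parsed to see what value the field ends up holding. The function names and the `<input>` markup are hypothetical stand-ins for an admin form field.

```php
<?php
// Added illustration, not WonderCMS code. Function names and the <input>
// markup are hypothetical stand-ins for an admin form field.

// The value from the report, as it would be stored in the configuration.
$stored = '<a href="https:// åäö, this is cool!';

// Unescaped: the stored value is concatenated straight into the attribute.
function renderRaw(string $value): string
{
    return '<input type="text" name="menu" value="' . $value . '">';
}

// Escaped with htmlentities(), the function proposed in the issue.
function renderEscaped(string $value): string
{
    $safe = htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="menu" value="' . $safe . '">';
}

// Parse the markup with PHP's DOM extension and read the field value back.
function valueSeenByParser(string $html): ?string
{
    $previous = libxml_use_internal_errors(true); // malformed input is expected
    $doc = new DOMDocument();
    // The meta tag tells libxml to treat the input as UTF-8.
    $doc->loadHTML('<meta http-equiv="Content-Type" content="text/html; charset=utf-8">' . $html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input instanceof DOMElement ? $input->getAttribute('value') : null;
}

foreach (['raw' => renderRaw($stored), 'escaped' => renderEscaped($stored)] as $label => $html) {
    $seen = valueSeenByParser($html);
    printf("%-8s markup: %s\n", $label, $html);
    printf("%-8s value read back: %s\n", $label, var_export($seen, true));
    printf("%-8s matches stored value: %s\n\n", $label, var_export($seen === $stored, true));
}
```

In the raw case the first double quote inside the stored value closes the `value` attribute, so the field no longer holds what was saved and the remainder is parsed as markup; the escaped case reads back unchanged.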