[Bug 322952] Re: several reports will not allow submitting parameters

Thierry Carrez thierry.carrez at ubuntu.com
Fri Jan 30 13:46:16 GMT 2009

Thank you for taking the time to report this bug and helping to make
Ubuntu better.

The url_encode calls were added in 3.0.2 to fix XSS security issues,
however the implementation was buggy, as you saw.

It was later fixed in 3.0.4 by using a new "escape_string" function. We
need to pull that one (from cgi/cgiutils.c) to properly fix this bug,
together with all the CGIs modified to take advantage of it.

I am closing this bug because it has been fixed in the latest
development version of Ubuntu - the Jaunty Jackalope.

If you need a fix for the bug for 8.10, please do steps 1 and 2 of the
SRU Procedure [1] to bring the need to a developer's attention.

[1]: https://wiki.ubuntu.com/StableReleaseUpdates#Procedure

** Changed in: nagios3 (Ubuntu)
       Status: New => Fix Released

several reports will not allow submitting parameters
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nagios3 in ubuntu.

More information about the Ubuntu-server-bugs mailing list