Issue 66477 - Possible cross-site scripting issue
Summary: Possible cross-site scripting issue
Status: CLOSED FIXED
Alias: None
Product: Infrastructure
Classification: Infrastructure
Component: Website general issues
Version: current
Hardware: All All
Importance: P3 Trivial
Target Milestone: ---
Assignee: pasco
QA Contact: issues@www
URL: http://securitydot.net/xpl/exploits/v...
Keywords: oooqa
Depends on:
Blocks:
 
Reported: 2006-06-15 15:22 UTC by pasco
Modified: 2008-05-17 23:26 UTC
5 users

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---


Description pasco 2006-06-15 15:22:35 UTC
Hiya,

I'm not 100% sure what the author of this page is trying to say as the "Straight
URL" does not redirect; the "Continue to download" button does not work (using
IE/Firefox).

I thought it might be worth bringing this to the attention of the www team in
case there is an issue here.
Comment 1 lsuarezpotts 2006-06-15 16:45:03 UTC
thanks adam, looking into this.

Not sure how serious this is. Stefan,  Pavel?

Comment 2 bernd.eilers 2006-06-15 17:21:46 UTC
I have already fixed this in the meantime! Stefan saw that URL yesterday and it
was well me who introduced the problem *sigh*. The security issue has been fixed
for this 2.0.2 Version mentioned in the URL and all other similar occurrences in
other download pages for other versions.
Comment 3 bernd.eilers 2006-06-15 17:28:35 UTC
BEI->pasco: That the "Continue to download" button does not work as described in
the URL is a good sign; it means that the FIX I did works and the problem is no
longer existent. Please verify and close the issue.
Comment 4 pavel 2006-06-15 21:31:42 UTC
.
Comment 5 bernd.eilers 2006-06-16 11:58:54 UTC
The mechanism how the download page interacts with the contribution page has
been changed at the following URLs:

http://download.openoffice.org/1.1.5
http://download.openoffice.org/2.0.1
http://download.openoffice.org/2.0.2
http://download.openoffice.org/2.0.3rc1
http://download.openoffice.org/2.0.3rc2
http://download.openoffice.org/2.0.3rc3
http://download.openoffice.org/2.0.3rc4
http://download.openoffice.org/2.0.3rc5
http://download.openoffice.org/680

The contribution.html pages called from these URLs no longer use a continue
parameter which contains a URL but instead use other parameters which describe
language, os and index number of download site in download site URL table.
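
The change described in Comment 5, sketched as an added example (this is not the OpenOffice.org site's code): the contribution page reads only a language, an OS and a mirror index from the query string and looks the download target up in a fixed table, so no URL from the request ever reaches the redirect. The parameter names `lang`, `os` and `idx`, the element id `continue-btn`, the mirror table and the file-name layout are all assumptions.

```javascript
// Added example; every name and value below is hypothetical or constructed.
const VERSION = "2.0.2";
// Fixed table of download sites. Requests select an entry by index only.
const MIRRORS = [
  "https://mirror-a.example/openoffice/",
  "https://mirror-b.example/pub/ooo/",
];
const LANGS = new Set(["en-US", "de", "fr"]);
const OSES = new Set(["win", "linux", "macosx"]);

// Returns the download URL for a query string, or null if any parameter
// is missing or outside the allow-lists. A "continue" parameter is never read.
function resolveDownload(queryString) {
  const params = new URLSearchParams(queryString);
  const lang = params.get("lang");
  const os = params.get("os");
  const idxRaw = params.get("idx");
  // Unknown tokens are rejected outright, never echoed or sanitised.
  if (!LANGS.has(lang) || !OSES.has(os)) return null;
  // The index must be plain decimal digits and inside the table.
  if (idxRaw === null || !/^\d{1,3}$/.test(idxRaw)) return null;
  const idx = Number(idxRaw);
  if (idx >= MIRRORS.length) return null;
  // Every component is a constant or a token that passed an allow-list.
  return `${MIRRORS[idx]}${VERSION}/OOo_${VERSION}_${os}_${lang}.bin`;
}

// Wires the button to the resolved target. With invalid parameters the
// button is disabled instead of navigating anywhere.
function wireContinueButton(doc, search) {
  const button = doc.getElementById("continue-btn");
  const target = resolveDownload(search);
  if (target === null) {
    button.disabled = true;
    return false;
  }
  button.addEventListener("click", () => doc.location.assign(target));
  return true;
}
```

A request that still carries a `continue` value gets the same table-derived target as one without it, which is the behaviour the reporter observed after the fix.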
Comment 6 stx123 2006-06-16 12:45:29 UTC
Thanks for taking care of all the download areas. As soon as the site upgrade is
done we should remove all except the current ones...
Comment 7 pasco 2006-07-28 09:47:37 UTC
Marking as fixed as per bei's comments.
Comment 8 ace_dent 2008-05-17 21:23:30 UTC
The Issue you raised has been marked as 'Resolved' and not updated within the
last 1 year+. I am therefore setting this issue to 'Verified' as the first step
towards Closing it. If you feel this is incorrect, please re-open the issue and
add any comments.

Many thanks,
Andrew
 
Cleaning-up and Closing old Issues
~ The Grand Bug Squash, pre v3 ~
http://marketing.openoffice.org/3.0/announcementbeta.html
Comment 9 ace_dent 2008-05-17 23:26:46 UTC
As per previous posting: Verified -> Closed.
A Closed Issue is a Happy Issue (TM).

Regards,
Andrew