Filtering Bug (PHP Code Passed) #10386

Open
juncelcarreon opened this issue Mar 28, 2024 · 1 comment
Labels
  • Area:Search: Issues & PRs related to all things regarding Search
  • Priority:Important: Issues & PRs that are important; broken functions, errors - there are workarounds
  • Severity: Major: Significant impact/severe disruption
  • Type: Bug: Bugs within the core SuiteCRM codebase

@juncelcarreon

Issue

I was copy-pasting some PHP data beforehand and was trying to search for a Lead afterwards.

I was copying a lead name and immediately pressed Enter to search. What I checked, by the time it was already loading and trying to search, is that in the input field the one that I copied is actually the PHP data I tried to copy beforehand.

Expected Behavior

The behavior should have been this:
image

Actual Behavior

The PHP code that I accidentally copied is now the one showing on the Lead List View Page.
image

Possible Fix

For now the way I restored it is just use this URL:
http://mycrm.com/index.php?action=index&module=Leads&searchFormTab=advanced_search&query=true&clear_query=true

Steps to Reproduce

  1. Go to any Module (Mine is the Leads)
  2. Click on the Filter
  3. Copy a certain code (Mine is a PHP Code)
    image

Context

I believe this is just a rarity (I think). Not really affecting me that much since I found a solution to reset it.

Your Environment

  • SuiteCRM Version used: 7.11.21
  • Browser name and version (e.g. Chrome Version 51.0.2704.63 (64-bit)): Chrome
  • Environment name and version (e.g. MySQL, PHP 7): 7.4.27
  • Operating System and version (e.g Ubuntu 16.04): CentOS 7
@chris001
Contributor

The code must sanitize the user input in the search box. This is required to fix this code injection vulnerability.

@johnM2401 added the Type: Bug, Priority:Important, Area:Search and Severity: Major labels on Apr 9, 2024
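What treating a pasted search term strictly as data can look like, as an added example that is not SuiteCRM code and not part of the thread: the term is bound as a query parameter with its LIKE wildcards escaped, and HTML-encoded when the filter field is redrawn. The `leads` table, the `query` field name, both function names and the sample clipboard text are assumptions made for the illustration.

```php
<?php
// Added example, not SuiteCRM code. Table, field and function names are hypothetical.

// Match the term literally: escape LIKE wildcards, then bind it as a parameter
// so nothing in the pasted text can change the structure of the SQL statement.
function searchLeads(PDO $db, string $term): array
{
    $literal = strtr(trim($term), ['!' => '!!', '%' => '!%', '_' => '!_']);
    $stmt = $db->prepare(
        "SELECT id, name FROM leads WHERE name LIKE :q ESCAPE '!' ORDER BY id"
    );
    $stmt->execute([':q' => '%' . $literal . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Encode for the HTML attribute context when the stored term is echoed back
// into the filter input, so markup or code in it is displayed as inert text.
function renderFilterInput(string $term): string
{
    $safe = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="query" value="' . $safe . '">';
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE leads (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO leads (name) VALUES ('Ada Lovelace'), ('100%_match')");

// Constructed clipboard content standing in for the accidentally pasted PHP.
$pasted = '<?php echo "50%"; ?>';

// The pasted text is only ever a search string: it matches no lead here.
var_dump(count(searchLeads($db, $pasted)));

// A bare wildcard is matched literally instead of returning every row.
var_dump(array_column(searchLeads($db, '%'), 'name'));

// The redrawn filter field carries the text in encoded form.
echo renderFilterInput($pasted), PHP_EOL;
```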