Foswiki > Tasks Web > Item13384 (17 Aug 2015, GeorgeClark)

Item13384: Entering backslash into the search box escapes the quote in the %SEARCH macro

Priority: Low
Current State: Confirmed
Released In: n/a
Target Release: minor
Applies To: Engine
Component: SEARCH, TopicMarkup
Branches:
Reported By: JozefMojzis
Waiting For:
Last Change By: GeorgeClark

How to reproduce

  • Enter a backslash into the search box
  • Press Enter

The following appears:

Searched: " type="word

So something is escaped. Maybe not exploitable... but reporting it for sure.

-- JozefMojzis - 25 Apr 2015

Crawford, I can confirm that this escape behaviour happens on both 1.1.9 and 1.2.0.

No idea if there is some way to exploit it, but the backslash seems to be escaping a quote in an eval'd string somewhere.

-- GeorgeClark - 25 Apr 201

From a private message:
(09:59:29 PM) gac410: The backslash issue appears to be in the WebSearch page itself and not in the perl.
(09:59:42 PM) gac410: "%<nop>URLPARAM{"search" encode="quote"}%"
(09:59:42 PM) gac410:     type="%<nop>URLPARAM{"type" default="word"}%"
(10:00:11 PM) gac410: So when the search param is \,   it runs together the search string and the type= option.
(10:00:24 PM) jomo: cool - so not usable as a hack... ;)
(10:00:32 PM) gac410: I don't think that this is a security issue.   But it still isn't right.
(10:00:46 PM) gac410: I have no idea how to fix it. 

I am not sure how to enter a backslash into a macro without it being treated as an escape. I tried entering a double-backslash, and it still escapes the quote. I can't find a general discussion on entering escapes in macro arguments, and how to escape the escapes.

Searched: " type="word
Number of topics: 0

-- GeorgeClark - 25 Apr 2015
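A simplified model of the parsing problem discussed above, added here as an illustration and not taken from Foswiki (it is not Foswiki::Attrs, and what it does with the leftover text after the broken value differs from the real parser): an encoder that escapes only `"` turns a trailing backslash into `\"`, which the parser reads as an escaped quote, so the default parameter swallows ` type=`. The fixed encoder and the `escape_backslash` parser option are assumptions about how an encoder/parser pair has to agree, not a Foswiki change.

```python
import re

# Simplified model (assumption, not Foswiki::Attrs) of a macro parameter
# list: the first bare "..." is the default parameter, name="..." pairs
# follow.  Inside a value, \" is a literal quote; with escape_backslash
# set, \\ is also a literal backslash.
def parse_params(text, escape_backslash=False):
    params, i, n = {}, 0, len(text)
    start_re = re.compile(r'\s*(?:(\w+)\s*=\s*)?"')
    while True:
        m = start_re.match(text, i)
        if not m:
            break                      # leftover text is not a parameter
        name = m.group(1) or "_DEFAULT"
        value, i = [], m.end()
        while i < n and text[i] != '"':
            if text[i] == "\\" and i + 1 < n and (
                text[i + 1] == '"' or (escape_backslash and text[i + 1] == "\\")
            ):
                i += 1                 # drop the backslash, keep the escaped char
            value.append(text[i])
            i += 1
        if i >= n:
            break                      # unterminated value: discard it
        params[name] = "".join(value)
        i += 1                         # skip the closing quote
    return params

def encode_quote(s):
    """Models encode="quote": only double quotes are escaped."""
    return s.replace('"', '\\"')

def encode_quote_fixed(s):
    """Escapes the escape character first, then the quote (assumed fix)."""
    return s.replace("\\", "\\\\").replace('"', '\\"')

def websearch_params(search, encoder, escape_backslash=False):
    """Builds the WebSearch-style parameter list and parses it back."""
    text = '"%s" type="word"' % encoder(search)
    return parse_params(text, escape_backslash)
```

With `encode_quote` a search of `\` yields a default parameter of `" type=` and no `type` parameter at all; doubling the backslash does not help unless the parser also understands `\\`, which is why the encoder and the consuming grammar have to define the same escape for the escape character.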

Since it's a TML issue, downgrading this task to low.

-- GeorgeClark - 26 Apr 2015

Summary: Entering backslash into the search box escapes the quote in the %SEARCH macro
ReportedBy: JozefMojzis
Codebase: 1.2.0 beta1, 1.1.9, trunk
SVN Range:
AppliesTo: Engine
Component: SEARCH, TopicMarkup
Priority: Low
CurrentState: Confirmed
WaitingFor:
Checkins:
TargetRelease: minor
ReleasedIn: n/a
CheckinsOnBranches:
trunkCheckins:
masterCheckins:
ItemBranchCheckins:
Release01x01Checkins:
Topic revision: r5 - 17 Aug 2015, GeorgeClark