Bug #49959 for POE-Component-IRC-Plugin-WWW-GetPageTitle: Security flaw.

RT for rt.cpan.org

This queue is for tickets about the POE-Component-IRC-Plugin-WWW-GetPageTitle CPAN distribution.

Report information

The Basics

Id:	49959
Status:	resolved
Priority:	0/
Queue:	POE-Component-IRC-Plugin-WWW-GetPageTitle

People

Owner:	Nobody in particular
Requestors:	gerard.mail2345 [...] gmail.com
Cc:
AdminCc:

Bug Information

Severity:	(no value)
Broken in:	(no value)
Fixed in:	(no value)

History Show all quoted text

Thu Sep 24 02:02:43 2009 gerard.mail2345 [...] gmail.com - Ticket created

Subject:	Security flaw.
Date:	Wed, 23 Sep 2009 20:02:14 -1000
To:	bug-POE-Component-IRC-Plugin-WWW-GetPageTitle [...] rt.cpan.org
From:	gerard null <gerard.mail2345 [...] gmail.com>

Tell it to get the title of a page with: <html><head><title>lol
<command>
</title></head></html> Subsitute command for some sort of irc command. Fairly serious. Platform is perl v5.10.0 built for i486-linux-gnu-thread-multi on Ubuntu Hardy Herdon with 2.6.27-11-generic linux kernel.

Sun Sep 27 11:03:24 2009 cpan [...] zoffix.com - Correspondence added

Subject:

RE: Security flaw.

Yup, major bug. I thought PoCo::IRC would take care of all that, but it obviously did not. I've fixed the plugin and updated version [0.0102] was just shipped to CPAN. Cheers!

Sun Sep 27 11:03:25 2009 The RT System itself - Status changed from 'new' to 'open'

Sun Sep 27 11:03:25 2009 cpan [...] zoffix.com - Status changed from 'open' to 'resolved'