ThisIs_MyName

Joined on Feb 02, 2018
1 Followers - 1 Following

Loading Heatmap…

ThisIs_MyName created pull request Oppaitime/Gazelle#37

Escape username and password during u2f login

7 years ago

ThisIs_MyName pushed to u2f-fix-1 at ThisIs_MyName/Gazelle

2a55b50b7d Escape username and password during u2f login Untested partial fix for issue #36
fbfb770390 Fix scope resolution error in badge class
2cf5334b4c Clean up forum posting - Check post size - Use prepared queries - Remove now-pointless injection protection
97ccf75ed0 Pare down notification filters
b20a12ccd4 Default ehentai api to japanese language Tenboro said to

7 years ago

ThisIs_MyName created repository ThisIs_MyName/Gazelle

7 years ago

ThisIs_MyName commented on issue Oppaitime/Gazelle#36

U2F login is broken

Ok I see why bug #2 is happening: I HTML-injected myself because my password contains a `"` and [`$_POST['password']` is not HTML-escaped in u2f.php](https://git.oppaiti.me/Oppaitime/Gazelle/src/commit/fbfb770390e588ed0ca08e393e2851b4a71f3576/sections/login/u2f.php#L17)

7 years ago

ThisIs_MyName opened issue Oppaitime/Gazelle#36

U2F login is broken

7 years ago