OS: ubuntu 14.04.4
Versions:
$ apt-show-versions sabnzbdplus sabnzbdplus-theme-glitter
sabnzbdplus:all/trusty 1.0.0-0ubuntu1~jcfp1~trusty uptodate
sabnzbdplus-theme-glitter:all/trusty 1.0.0-0ubuntu1~jcfp1~trusty uptodate
Issue: When loading the main page of sabnzbd, the page is overrun by lines that appear to be log messages. Looking at the web inspector, I can see that the glitterPreLoadHistory variable contains lines that have html markup. The log lines are not being sanitized for quotes or html tags, thus screwing up the interface. The web inspector throws several exceptions, citing illegal characters.
At some point, a post-process script called some sabnzbd url, which resulted in html being returned. This html content is injected into the log lines and is being injected into the DOM.
The log has quite a bit of identifying information (indexer api keys, nzb names/locations, and ip addresses. If an interested developer gets in touch, I can send over the generated HTML I see on the page.
Thanks for an awesome product!
sab 1.0.0 glitterPreLoadHistory not sanitized
Forum rules
Help us help you:
Help us help you:
- Are you using the latest stable version of SABnzbd? Downloads page.
- Tell us what system you run SABnzbd on.
- Adhere to the forum rules.
- Do you experience problems during downloading?
Check your connection in Status and Interface settings window.
Use Test Server in Config > Servers.
We will probably ask you to do a test using only basic settings. - Do you experience problems during repair or unpacking?
Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
Re: sab 1.0.0 glitterPreLoadHistory not sanitized
We are aware and have fixed the problem, it will be in version 1.0.1. Hopefully released soon..
If you like our support, check our special newsserver deal or donate at: https://sabnzbd.org/donate
Re: sab 1.0.0 glitterPreLoadHistory not sanitized
Awesome, thank you!