Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-14758

Cookie names and values should be URI-encoded

    Details

    • Team:
      Team B
    • Sprint:
      Sprint 41, Sprint 42, Sprint 43, Sprint 44, Sprint 45, Sprint 46, Nov 2018
    • Story Points:
      0.5

      Description

      File js/class.cookie.js does not encode cookies' name or value. As a result, some cookies such as 'cb_items_10114_1' are set with values containing invalid characters such as commas: "31757,31827,31828".

      Accessing Zabbix directly, via NGINX + PHP, there is no problem.

      Some federation services, such as Microsoft ADFS, however, do check cookie compliance, and return a HTTP 500 error instead of allowing Zabbix frontend to load.

      There is a simple fix to that, only file js/class.cookie.js is affected. I've attached a patch as an exemple. Tested and working (see screenshot with cookies properly encoded).

        Attachments

          Activity

            People

            • Assignee:
              iivs Ivo Kurzemnieks
              Reporter:
              fernandosch Fernando Schmitt
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: