[ZBX-14758] Cookie names and values should be URI-encoded - ZABBIX SUPPORT

XML

Word

Printable

Details

Type: Incident report
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.4.12, 4.0.0alpha9
Fix Version/s: 3.0.24rc1, 3.4.15rc1, 4.0.2rc1, 4.2.0alpha1, 4.2 (plan)
Component/s: Frontend (F)
Labels:
- cookie
- encoding
- frontend
- javascript
Environment:
all

Team:
Team B
Sprint:
Sprint 41, Sprint 42, Sprint 43, Sprint 44, Sprint 45, Sprint 46, Nov 2018
Story Points:
0.5

Description

File js/class.cookie.js does not encode cookies' name or value. As a result, some cookies such as 'cb_items_10114_1' are set with values containing invalid characters such as commas: "31757,31827,31828".

Accessing Zabbix directly, via NGINX + PHP, there is no problem.

Some federation services, such as Microsoft ADFS, however, do check cookie compliance, and return a HTTP 500 error instead of allowing Zabbix frontend to load.

There is a simple fix to that, only file js/class.cookie.js is affected. I've attached a patch as an exemple. Tested and working (see screenshot with cookies properly encoded).

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

chrome.zabbix.cookies.png
7 kB
2018 Aug 22 23:18
js_class.cookie.patch
1 kB
2018 Aug 22 23:17

Activity

People

Assignee:: Ivo Kurzemnieks

Reporter:: Fernando Schmitt

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 2018 Aug 22 23:19

Updated:: 2018 Nov 08 10:10

Resolved:: 2018 Nov 05 21:15