Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-24528

MySQL: Failed SQL query is displayed in user login form if branch doesn't support utf8mb4 and user inserts a smiley in Username field

XMLWordPrintable

    • Prev.Sprint, S24-W32/33, S24-W34/35, S24-W36/37, S24-W38/39, S24-W40/41, S24-W42/43, S24-W44/45
    • 0.5

      Problem description: If the user inserts a utf8mb4 smiley into the login field in user login form, then a failed SQL statement is returned in the error message, in case if Zabbix, that works with a MySQL database, is compiled without utf8mb4 support:

      Steps to reproduce:

      1. Setup zabbix with MySQL without utf8mb4 support
      2. Open login page
      3. Insert a smiley into the login field (for example 🔥 or 🌭)
      4. Press "Sign in" button

      Result: The failed query is displayed in the error message (see the above screenshot)
      Expected: Same as in case of PostgreSQL, we shouldnot expose such information as table structure to users that are not even logged in. Expected error message:

      Incorrect user name or password or account is temporarily blocked.

        1. image-2024-05-22-18-08-51-644.png
          image-2024-05-22-18-08-51-644.png
          23 kB
        2. screenshot-1.png
          screenshot-1.png
          26 kB
        3. screenshot-2.png
          screenshot-2.png
          45 kB

            jfreibergs Janis Freibergs
            solonkins Sergejs Olonkins
            Team C
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - Not Specified
                Not Specified
                Logged:
                Time Spent - 9.5h
                9.5h