Anope Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001715Anope Stable (2.0.x series)[All Projects] Generalpublic2018-03-04 01:092018-03-27 03:19
Reporterlinuxdaemon 
Assigned ToAdam 
PrioritynormalSeverityminorReproducibilitysometimes
StatusresolvedResolutionfixed 
PlatformOSOS Version
Summary0001715: Header parsing in webcpanel is not case-insensitive
DescriptionIf a browser sends a cookie header as 'cookie: data' instead of 'Cookie: data', the web panel does not parse it as a cookie. Header names should be parsed case-insensitively. If a browser sends a cookie in this fashion, the user is unable to log in at all.
Steps To Reproduce1. Get your cookie data from a valid login to the anope web panel
2. curl 'anope.my.website/nickserv/info' -H 'cookie: data' --location
3. You will be redirected to 'anope.my.website' due to not being logged in.
Additional InformationGoogle Chrome (Version 64.0.3282.186 (Official Build) (64-bit)) appears to send the cookie header in this fashion, causing a user to be unable to log in to the web panel.
Tagswebcpanel
Attached Files

- Relationships

-  Notes
(0006852)
Adam (administrator)
2018-03-27 03:19

Fixed in d25722ddd0766cba2c33614e326d241d3f1f7eeb
(0006851)
linuxdaemon (reporter)
2018-03-04 01:13

See: https://github.com/elm-lang/http/issues/31 [^]
It appears this is planned for more browsers and will become standard.

- Issue History
Date Modified Username Field Change
2018-03-04 01:09 linuxdaemon New Issue
2018-03-04 01:09 linuxdaemon Tag Attached: webcpanel
2018-03-04 01:13 linuxdaemon Note Added: 0006851
2018-03-27 03:19 Adam Note Added: 0006852
2018-03-27 03:19 Adam Status new => resolved
2018-03-27 03:19 Adam Resolution open => fixed
2018-03-27 03:19 Adam Assigned To => Adam


Copyright © 2000 - 2018 MantisBT Team
Powered by Mantis Bugtracker