Summary: refcount uses invalid XHTML markup
Created: 2011-09-22 21:50 UTC
Status: Closed - fixed for 2.2.33
OS: Linux 2.6.28/Apache 2.2/PHP 5.2.17
"?action=refcount" produces invalid XHTML. It looks like "HTML 4.01 Transitional", but PmWiki uses "XHTML 1.0 Transitional". So the function
Maybe there are other flaws to be verified, but the few are the obvious ones I've seen.
Additionally there are two other bugs in there:
Verifying is easy:
You'll get 371 errors (by now).
You'll get "This document was successfully checked as XHTML 1.0 Transitional!"
XSS can easily happen in the <option> values - check the $tlist and $flist processing if you're bored right now ;)
At the moment I don't see how; the option values and labels come from the internal ListPages() function, not from $_REQUEST (it is only checked to enable "selected" options). --Petko September 22, 2011, at 05:55 PM
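
The pattern discussed in this thread, as an added example that is not PmWiki's code: option values and labels come only from a server-side page list, request data is used solely to mark options as selected, and the output is escaped and written as valid XHTML 1.0. The function `render_page_select()`, its parameters, the multi-select form layout and the sample data are assumptions made for illustration.

```php
<?php
// Added illustration; render_page_select() and its parameters are
// hypothetical names, not PmWiki functions.

/**
 * Render an XHTML 1.0 <select> whose options come only from $pages
 * (a server-side list). $requested is untrusted request data and is
 * used solely to decide which options are marked selected.
 */
function render_page_select($name, array $pages, $requested)
{
    // Request data may be a string, an array, or missing;
    // normalise it to a lookup table of string values.
    $wanted = array();
    foreach ((array) $requested as $v) {
        if (is_string($v)) {
            $wanted[$v] = true;
        }
    }

    // Escape for both element content and quoted attribute values.
    $esc = function ($s) {
        return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    };

    $out = '<select name="' . $esc($name) . '[]" multiple="multiple" size="4">' . "\n";
    foreach ($pages as $page) {
        // XHTML forbids attribute minimisation: selected="selected",
        // not a bare "selected" as in HTML 4.01.
        $sel = isset($wanted[$page]) ? ' selected="selected"' : '';
        $out .= '  <option value="' . $esc($page) . '"' . $sel . '>'
              . $esc($page) . "</option>\n";
    }
    return $out . "</select>\n";
}

// Constructed sample input: a page list and a request array that
// contains one valid page name and one value that is not a page.
$pages   = array('Main.HomePage', 'Site.SideBar', 'Test.A&B');
$request = array('Site.SideBar', '"><b>not-a-page</b>');
echo render_page_select('tlist', $pages, $request);
```

The request value that matches no page never reaches the output, and `Test.A&B` is emitted as `Test.A&amp;B`, which is what the validator requires.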