Closed Bug 281205 Opened 20 years ago Closed 20 years ago

Report comment link doesn't work

Categories

(addons.mozilla.org Graveyard :: Public Pages, defect)

defect
Not set
major

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: daneel, Assigned: Bugzilla-alanjstrBugs)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

At https://update.mozilla.org/themes/moreinfo.php?application=firefox&version=1.0&os=Windows&category=Animals&id=104&&page=comments, I cannot report the inappropriate rating by DaRude. I click on the "Report Comment" link, and it takes me to an "Access Forbidden" page.

Reproducible: Always

Steps to Reproduce:
1. Go to any Firefox theme's page
2. Click "Read All Opinions"
3. Click "Report Comment"

Actual Results:  
I got a "Forbidden:  You don't have permission to access /core/reportcomment.php
on this server." message.

Expected Results:  
Given me either a confirmation page or a page to elaborate on why I am reporting
the comment.

I am using the Red Cats (Green Version) skin.

Dave -

I don't see any reason to 403 this page.  Can you unblock it?

Assignee: nobody → justdave
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows XP → All
Hardware: PC → All
Component: Listings → Web Site

OK, I did a brief audit of that file:

The SQL all looks good, however the "To return to where you were browsing" link
contains a few potential XSS due to improper escaping.

I'll wait for cbeard or kveton to sign off on it before I open it up, but it's
my opinion that the file is safe to remove the 403 on the page if that link is
removed.

Nobody ever signed off on deploying this change.  At this point I think it'll
get taken care of with the impending site updates.  Reassigning to default to
get it off my buglist.

Assignee: justdave → Bugzilla-alanjstrBugs
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard