Fix XSS in adm_config_report.php

Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/ reported a vulnerability in the Configuration Report page, allowing an attacker to inject arbitrary code through a crafted 'config_option' parameter. Sanitize the parameter prior to output, to ensure HTML special characters are properly escaped. Ported from 1.3.x commit c9e5b1d. Fixes #22579
mantisbt · Mar 29, 2017 · 0243375 · 0243375
1 parent 2d55c64
commit 0243375
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/adm_config_report.php b/adm_config_report.php
@@ -580,7 +580,7 @@ function check_config_value( $p_config ) {
 					<input type="text" name="config_option" class="input-sm"
 						   value="<?php echo string_display_line( $t_edit_option ); ?>"
 						   size="64" maxlength="64" />
-					<input type="hidden" name="original_config_option" value="<?php echo $t_edit_option; ?>" />
+					<input type="hidden" name="original_config_option" value="<?php echo string_display_line( $t_edit_option ); ?>" />
 				</td>
 			</tr>