Fix XSS in move_attachments_page.php

Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/ reported a vulnerability in the Move Attachments admin page, allowing an attacker to inject arbitrary code through a crafted 'type' parameter. Sanitize the 'type' parameter prior to output, to ensure HTML special characters are properly escaped. Fixes #22568
mantisbt · Mar 29, 2017 · 2d55c64 · 2d55c64
1 parent 385a13c
commit 2d55c64
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/admin/move_attachments_page.php b/admin/move_attachments_page.php
@@ -188,7 +188,7 @@ function get_attachment_stats( $p_file_type, $p_in_db ) {
 
 </table>
 <div class="widget-toolbox padding-8 clearfix">
-	<input name="type" type="hidden" value="<?php echo $f_file_type ?>" />
+	<input name="type" type="hidden" value="<?php echo string_attribute( $f_file_type); ?>" />
 	<input type="submit" class="btn btn-primary btn-white btn-round" value="Move Attachments" />
 </div>
 </div>