Fix #12238: XSS in print_all_bug_page_word.php project/category names

print_all_bug_page_word.php does not correctly sanitise project and category names. It is thus possible for a malicious user with project manager access permissions (or higher) to redirect users to print_all_bug_page_word.php to execute malicious JavaScript.
mantisbt · Aug 5, 2010 · bfc9e9f · bfc9e9f
1 parent 7ab71d0
commit bfc9e9f
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/print_all_bug_page_word.php b/print_all_bug_page_word.php
@@ -215,7 +215,7 @@
 		<?php echo $t_id ?>
 	</td>
 	<td class="print">
-		<?php echo "[$t_project_name] $t_category_name" ?>
+		<?php echo '[' . string_display_line( $t_project_name ) . '] ' . string_display_line( $t_category_name ) ?>
 	</td>
 	<td class="print">
 		<?php echo get_enum_element( 'severity', $t_bug->severity ) ?>
@@ -555,7 +555,7 @@
 							}
 							echo implode( ', ', $t_to ) . '<br />';
 						default:
-							echo $t_bugnote->note;
+							echo string_display_links( $t_bugnote->note );
 					}
 				?>
 			</td>