Bug #13811: fixing stored XSS leading to full account takeover

SilverYoCha · SilverYoCha · commit b1e7f4fb7a63 · 2023-11-10T18:29:41.000+01:00
diff --git a/yellowpages/yellowpages-war/src/main/webapp/yellowpages/jsp/topicManager.jsp b/yellowpages/yellowpages-war/src/main/webapp/yellowpages/jsp/topicManager.jsp
@@ -158,7 +158,7 @@ function addGroup() {
 }
 
 function contactGoTo(id) {
-	location.href = "ContactUpdate?ContactId="+id;
+  sp.formRequest("ContactUpdate?ContactId=" + id).byPostMethod().submit();
 }
 
 function contactDeleteConfirm(id) {

Original file line number	Diff line number	Diff line change
`@@ -158,7 +158,7 @@ function addGroup() {`
`158`	`158`	`}`
`159`	`159`
`160`	`160`	`function contactGoTo(id) {`
`161`		`- location.href = "ContactUpdate?ContactId="+id;`
	`161`	`+ sp.formRequest("ContactUpdate?ContactId=" + id).byPostMethod().submit();`
`162`	`162`	`}`
`163`	`163`
`164`	`164`	`function contactDeleteConfirm(id) {`