
Resolving Issue #867

Cross-site scripting (XSS) vulnerability in auth_profile.php
cigamit committed Jul 21, 2017
1 parent 30bbf22 commit 104090aeead4aa433bf1f18cd6d52dcfeb71236c
Showing with 4 additions and 3 deletions.
  1. +3 −3 auth_profile.php
  2. +1 −0 docs/CHANGELOG
@@ -147,7 +147,7 @@ function settings() {
form_start('auth_profile.php');
html_start_box( __('User Account Details'), '100%', true, '3', 'center', '');
html_start_box(__('User Account Details'), '100%', true, '3', 'center', '');
$current_user = db_fetch_row_prepared('SELECT * FROM user_auth WHERE id = ?', array($_SESSION['sess_user_id']));
@@ -418,7 +418,7 @@ function langChange() {
});
$('input[value="<?php print __esc('Return');?>"]').unbind().click(function(event) {
document.location = '<?php print $_SESSION['profile_referer'];?>';
document.location = '<?php print htmlspecialchars($_SESSION['profile_referer']);?>';
});
});
@@ -427,7 +427,7 @@ function langChange() {
form_hidden_box('save_component_graph_config','1','');
form_save_buttons(array(array('id' => 'return', 'value' => 'Return'), array('id' => 'save', 'value' => 'Save')));
form_save_buttons(array(array('id' => 'return', 'value' => __esc('Return')), array('id' => 'save', 'value' => __esc('Save'))));
form_end();
}
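Review bot: In the hunk at -418, `htmlspecialchars($_SESSION['profile_referer'])` applies HTML escaping to a value that is printed inside a single-quoted JavaScript string; with the default flags on PHP versions before 8.1 a single quote is left unescaped, and backslashes and line breaks are not handled at all, so the value can still end the string early. Encoding for the JavaScript context would close this, for example `document.location = <?php print json_encode($_SESSION['profile_referer'], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);?>;`, which emits its own quotes. Assuming this code sits in a script block, entities are not decoded there, so the current form also turns `&` in a query string into a literal `&amp;` in the target URL. Where `profile_referer` is assigned is not visible here; if it is taken from the request's Referer header, it should also be checked to be a same-site path before being used as a navigation target. The enclosing function starts and ends outside the hunk.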
@@ -6,6 +6,7 @@ Cacti CHANGELOG
-issue#861: The search filter does not support Cyrillic
-issue#862: Automation - When editing Graph Rules, unable to Change Data Query
-issue#863: Typo error in auth_login.php for LDAP authentication
-issue#867: Cross-site scripting (XSS) vulnerability in auth_profile.php
-issue: Link's not showing in Automation Graph and Tree rules on Sunshine theme
-feature: Resize Graphs on Graph page to be responsive
