Commit

Resolving Issue #867
Cross-site scripting (XSS) vulnerability in auth_profile.php
cigamit committed Jul 21, 2017
1 parent 30bbf22 commit 104090a
Showing 2 changed files with 4 additions and 3 deletions.
6 changes: 3 additions & 3 deletions auth_profile.php
Expand Up @@ -147,7 +147,7 @@ function settings() {

form_start('auth_profile.php');

html_start_box( __('User Account Details'), '100%', true, '3', 'center', '');
html_start_box(__('User Account Details'), '100%', true, '3', 'center', '');

$current_user = db_fetch_row_prepared('SELECT * FROM user_auth WHERE id = ?', array($_SESSION['sess_user_id']));
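Review bot: The `html_start_box(` line changes only whitespace and is unrelated to issue #867; consider moving it to a separate commit so the security fix stays minimal and is easier to audit and backport.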

Expand Down Expand Up @@ -418,7 +418,7 @@ function langChange() {
});

$('input[value="<?php print __esc('Return');?>"]').unbind().click(function(event) {
document.location = '<?php print $_SESSION['profile_referer'];?>';
document.location = '<?php print htmlspecialchars($_SESSION['profile_referer']);?>';
});
});
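Review bot: On the changed `document.location` line, `htmlspecialchars()` is HTML entity encoding applied to a value that is printed inside a single-quoted JavaScript string, so it is the wrong encoder for this context. Called without `ENT_QUOTES`, it leaves `'` unescaped on PHP versions before 8.1, and it never escapes backslashes or line breaks, so the value from the session can still end the string literal early. It also rewrites `&` as `&amp;`, which would corrupt a referer carrying a query string if this block is emitted inside a script element. Suggest emitting the value with `json_encode()` using the `JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP` flags instead of hand-written quotes, and validating `$_SESSION['profile_referer']` at the point where it is stored so that only same-site paths are accepted.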

Expand All @@ -427,7 +427,7 @@ function langChange() {

form_hidden_box('save_component_graph_config','1','');

form_save_buttons(array(array('id' => 'return', 'value' => 'Return'), array('id' => 'save', 'value' => 'Save')));
form_save_buttons(array(array('id' => 'return', 'value' => __esc('Return')), array('id' => 'save', 'value' => __esc('Save'))));

form_end();
}
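Review bot: Escaping of the button labels now happens in the caller on the `form_save_buttons(` line, so please confirm that `form_save_buttons()` does not escape `value` again when it renders the attribute. If it does, a translation containing `&` or a quote would be double-encoded and the `input[value="<?php print __esc('Return');?>"]` selector from the previous hunk would stop matching the button. A short comment at the call stating which side owns the escaping would keep this from regressing.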
1 change: 1 addition & 0 deletions docs/CHANGELOG
Expand Up @@ -6,6 +6,7 @@ Cacti CHANGELOG
-issue#861: The search filter does not support Cyrillic
-issue#862: Automation - When editing Graph Rules, unable to Change Data Query
-issue#863: Typo error in auth_login.php for LDAP authentication
-issue#867: Cross-site scripting (XSS) vulnerability in auth_profile.php
-issue: Link's not showing in Automation Graph and Tree rules on Sunshine theme
-feature: Resize Graphs on Graph page to be responsive
