Commit 43a0757

fix: [security] Fix reflected xss via unsanitized URL parameters
- As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB)
1 parent 3182790 commit 43a0757

1 file changed, +3 -1 lines changed

Diff for: app/View/Users/statistics_orgs.ctp

@@ -12,7 +12,9 @@
1212
'external' => array('selected' => false, 'text' => __('Known remote organisations')),
1313
'all' => array('selected' => false, 'text' => __('All organisations'))
1414
);
15-
$types[$scope]['selected'] = true;
15+
if (isset($types[$scope])) {
16+
$types[$scope]['selected'] = true;
17+
}
1618
?>
1719
<h4><?php echo __('Organisation list');?></h4>
1820
<p><?php echo __('Quick overview over the organisations residing on or known by this instance.');?></p>
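
Review bot: at the new `if (isset($types[$scope]))` guard, an unrecognised `$scope` now falls through silently, so the entries shown here all keep 'selected' => false and the page renders with no scope marked as selected. Consider an explicit else branch that falls back to a known key, or validate the value in the controller before it reaches the view, so the allowlist is enforced in one place. The guard only stops the assignment from creating a new `$types` key out of the URL parameter; the lines where the keys or `$scope` are later echoed are not visible in this hunk, so confirm those outputs are HTML-escaped (CakePHP's `h()`) rather than relying on this check alone.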
