
Encode UI error message to eliminate XSS

1 parent 81cf456 commit 7587e188bcb8b5f0ba4e4715c23379fdb55e2a17 Josh Lavin committed with jonjensen Jul 11, 2011
Showing with 2 additions and 1 deletion.
  1. +2 −1 dist/catalog_after.cfg
3 dist/catalog_after.cfg
@@ -73,7 +73,8 @@ sub {
$status = 0;
}
else {
- $Scratch->{ui_error} = "Not authorized for file $CGI->{mv_nextpage}";
+ my $file = $Tag->filter('encode_entities', $CGI->{mv_nextpage});
+ $Scratch->{ui_error} = "Not authorized for file $file";
$CGI->{mv_nextpage} = '__UI_BASE__/error';
$status = 1;
}
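Review bot: the entity encoding on the added "my $file = $Tag->filter('encode_entities', ...)" line is applied when the message is stored in $Scratch->{ui_error}, not where it is rendered, so the fix covers only this one assignment. Any other code that writes request data into ui_error stays unencoded, and if the __UI_BASE__/error page ever applies its own entity filter, this message will be double-encoded. Consider encoding at the point of output in the error page, or at minimum add a comment here stating that ui_error is expected to hold HTML-safe text. It is also worth asking whether the message needs to echo the requested mv_nextpage value at all; a fixed "Not authorized" string would remove the reflected input entirely.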

0 comments on commit 7587e18
