Skip to content
Permalink
Browse files Browse the repository at this point in the history
pnp/views/kohana_error_page: plug another XSS hole
By issuing the request
GET pnp/$item?996fb"><script>alert(1)</script><"951e1=1
an alert is triggered in the meta refresh tag.

The hole is plugged by not setting the URL of the meta refresh.
The default behavior is to refresh the current page, which is what
we want anyway.

Change-Id: I6af0b15c929f95d651a576d46b99d2e1a88fe601

Signed-off-by: Mikael Falkvidd <mfalkvidd@op5.com>
  • Loading branch information
Mikael Falkvidd committed Jun 13, 2014
1 parent f02ae9b commit e4a1976
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion share/pnp/application/views/kohana_error_page.php
Expand Up @@ -4,7 +4,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php if(isset ( $_SERVER['REQUEST_URI'])):?>
<meta http-equiv="refresh" content="60; url=<?php echo $_SERVER['REQUEST_URI'] ?>">
<meta http-equiv="refresh" content="60">
<?php endif ?>
<title><?php echo $error ?></title>
<?php echo html::stylesheet('media/css/common.css') ?>
Expand Down

0 comments on commit e4a1976

Please sign in to comment.