Fix #11236: XSS on view_all_bug_page.php with user Real Name field

If a user is selected in one of the user filters (reporter, monitored by, etc) and that user has a name containing HTML elements, the HTML elements would not be escaped prior to displaying them as the currently selected filter options.
mantisbt · Dec 1, 2009 · 4cb58c7 · 4cb58c7
1 parent 92561bc
commit 4cb58c7
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/core/filter_api.php b/core/filter_api.php
@@ -2217,7 +2217,7 @@ function filter_draw_selection_area2( $p_page_number, $p_for_screen = true, $p_e
 			if( true == $t_any_found ) {
 				echo lang_get( 'any' );
 			} else {
-				echo $t_output;
+				echo string_display( $t_output );
 			}
 		}
 		?>
@@ -2255,7 +2255,7 @@ function filter_draw_selection_area2( $p_page_number, $p_for_screen = true, $p_e
 			if( true == $t_any_found ) {
 				echo lang_get( 'any' );
 			} else {
-				echo $t_output;
+				echo string_display( $t_output );
 			}
 		}
 		?>
@@ -2294,7 +2294,7 @@ function filter_draw_selection_area2( $p_page_number, $p_for_screen = true, $p_e
 			if( true == $t_any_found ) {
 				echo lang_get( 'any' );
 			} else {
-				echo $t_output;
+				echo string_display( $t_output );
 			}
 		}
 		?>
@@ -3256,7 +3256,7 @@ function <?php echo $t_js_toggle_func;?>() {
 			if( true == $t_any_found ) {
 				echo lang_get( 'any' );
 			} else {
-				echo $t_output;
+				echo string_display( $t_output );
 			}
 		}
 		?>