Fix #17890: XSS in extended project browser
Extended project browser allows projects to be passed in as A;B. helper_get_current_project() and helper_get_current_project_trace() then explode the string by ';' and don't check that A is an int (a project / sub-project id). Finally, print_extended_project_browser() prints the result of the split into a JavaScript array. Paul Richards discovered the issue and wrote the original patch for it. His code was modified to remove a redundant typecast as well as an unnecessary foreach loop in helper_get_current_project(), replacing it with a single type cast.
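As an added example (not MantisBT's own code; the helper names are hypothetical), the validation pattern the commit describes: split the project path on ';', force every piece to an integer id, and only then emit it into JavaScript.

```php
<?php
// Added example, not MantisBT code. Demonstrates why casting each
// split piece to int removes the injection point described above.

// Hypothetical helper: turn "A;B" into a list of integer project ids.
function parse_project_path(string $raw): array {
    // Split exactly as the browser does, then cast each part to int so
    // no caller-controlled string survives into the output.
    $ids = array_map('intval', explode(';', $raw));
    // Drop anything that was not a positive id (non-numeric input becomes 0).
    return array_values(array_filter($ids, fn(int $id): bool => $id > 0));
}

// Hypothetical output helper: emits the validated ids as a JS array literal.
function project_path_js(string $raw): string {
    // json_encode of an int array can only produce digits, commas and brackets;
    // the HEX flags are defence in depth should a string ever be added later.
    return json_encode(
        parse_project_path($raw),
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
}

// Constructed sample inputs: a valid path and one with a non-integer piece.
echo project_path_js('12;34'), "\n";   // [12,34]
echo project_path_js('12;abc'), "\n";  // [12]
```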