
Commit 7086c2d

committed
Fix XSS in view_all_bug_page.php
The value of the view_type parameter on the view_all_bug_page.php page was not encoded before being displayed. This vulnerability was discovered by Will Dollman of Netcraft Ltd. Initial patch modified to use strict comparison per Will's suggestion. Fixes #21611
1 parent b66af6d commit 7086c2d


1 file changed

+6
-0
lines changed


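--- a/core/filter_api.php
+++ b/core/filter_api.php
@@ -489,9 +489,15 @@ function filter_ensure_valid_filter( array $p_filter_arr ) {
 # if the version is old, update it
 $p_filter_arr['_version'] = FILTER_VERSION;
 }
+
+# Filter view type - ensure it's either 'simple' or 'advanced' (prevent XSS)
 if( !isset( $p_filter_arr['_view_type'] ) ) {
 $p_filter_arr['_view_type'] = gpc_get_string( 'view_type', 'simple' );
 }
+if( $p_filter_arr['_view_type'] !== 'advanced' ) {
+$p_filter_arr['_view_type'] = 'simple';
+}
+
 if( !isset( $p_filter_arr[FILTER_PROPERTY_ISSUES_PER_PAGE] ) ) {
 $p_filter_arr[FILTER_PROPERTY_ISSUES_PER_PAGE] = gpc_get_int( FILTER_PROPERTY_ISSUES_PER_PAGE, config_get( 'default_limit_view' ) );
 }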
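Review bot: The allow-list normalisation added at new lines 497-499 only protects the sink named in the commit message if every path that echoes `_view_type` first passes the filter through filter_ensure_valid_filter(); the display in view_all_bug_page.php should still encode the value at output so the fix does not depend on that assumption (I cannot see the display site from this hunk, so treat this as a check to make). One thing worth stating in the comment is that the new check runs regardless of the preceding isset() block, so it also coerces a `_view_type` that arrived already set in `$p_filter_arr` (for example from a stored filter), not just the request parameter; a comment such as `# Applies to pre-populated filters as well as the request value, so only 'simple'/'advanced' ever reach the view` would make that intent explicit. The enclosing function filter_ensure_valid_filter() begins and ends outside the hunk.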
