Fix XSS in bug_change_status_page.php
The value of the change_type parameter was not encoded before being
displayed as a hidden input.

This vulnerability was reported by Etienne Landais.

Fixes #22486
dregad committed Mar 9, 2017
1 parent 23da4e0 commit a2d90ec
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion bug_change_status_page.php
Expand Up @@ -154,7 +154,7 @@
<input type="hidden" name="bug_id" value="<?php echo $f_bug_id ?>" />
<input type="hidden" name="status" value="<?php echo $f_new_status ?>" />
<input type="hidden" name="last_updated" value="<?php echo $t_bug->last_updated ?>" />
<input type="hidden" name="action_type" value="<?php echo $f_change_type; ?>" />
<input type="hidden" name="action_type" value="<?php echo string_attribute( $f_change_type ); ?>" />

<?php
$t_current_resolution = $t_bug->resolution;
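Review bot: the three hidden inputs directly above the changed line (bug_id, status, last_updated) are still echoed unescaped with `<?php echo $f_bug_id ?>`, `<?php echo $f_new_status ?>` and `<?php echo $t_bug->last_updated ?>`, so the same class of issue remains one line away unless those values are coerced to integers or otherwise sanitised before this point (not visible in the hunk). Consider wrapping them in `string_attribute()` as well, or adding a comment stating why they are safe, so the next reader does not have to re-derive that; the commit message could also note that only `change_type` was audited.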
