Fix #12230: XSS vulnerability when deleting maliciously named categories

As reported by Secunia, SA40832, there is an XSS vulnerability when deleting project categories that have been maliciously named. The chance of attack is low due to requiring project manager access to create malicious project categories in the first place. Thanks to John Reese for debugging this issue.
mantisbt · Aug 4, 2010 · a374a7c · a374a7c
1 parent 49070ba
commit a374a7c
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/manage_proj_cat_delete.php b/manage_proj_cat_delete.php
@@ -31,7 +31,7 @@
 
 	auth_reauthenticate();
 
-	$f_category_id = gpc_get_string( 'id' );
+	$f_category_id = gpc_get_int( 'id' );
 	$f_project_id = gpc_get_int( 'project_id' );
 
 	access_ensure_project_level( config_get( 'manage_project_threshold' ), $f_project_id );
@@ -46,7 +46,7 @@
 	$t_bug_count = db_result( db_query_bound( $t_query, array( $f_category_id ) ) );
 
 	# Confirm with the user
-	helper_ensure_confirmed( sprintf( lang_get( 'category_delete_sure_msg' ), $t_name, $t_bug_count ),
+	helper_ensure_confirmed( sprintf( lang_get( 'category_delete_sure_msg' ), string_display_line( $t_name ), $t_bug_count ),
 		lang_get( 'delete_category_button' ) );
 
 	category_remove( $f_category_id );