
Fix #16513: XSS in account_sponsor_page.php project names

account_sponsor_page.php does not correctly sanitise project
names. It is thus possible for a malicious user with project
manager access permissions (or higher) to let users execute
malicious JavaScript when visiting account_sponsor_page.php.
atrol authored and dregad committed Oct 19, 2013
1 parent faaa3ed commit ad929d486bad460e9bd23eeec1e1e4bf828b7cb4
Showing with 2 additions and 2 deletions.
  1. +2 −2 account_sponsor_page.php
@@ -138,7 +138,7 @@
echo '<tr bgcolor="' . get_status_color( $t_bug->status, auth_get_current_user_id(), $t_bug->project_id ) . '">';
echo '<td><a href="' . string_get_bug_view_url( $row['bug'] ) . '">' . bug_format_id( $row['bug'] ) . '</a></td>';
- echo '<td>' . project_get_field( $t_bug->project_id, 'name' ) . '&#160;</td>';
+ echo '<td>' . string_display_line( project_get_field( $t_bug->project_id, 'name' ) ) . '&#160;</td>';
echo '<td class="right">' . $t_released_label . '&#160;</td>';
echo '<td><span class="issue-status" title="' . $t_resolution . '">' . $t_status . '</span></td>';
echo '<td>';
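Review bot: the `$t_resolution` and `$t_status` values on the `<span class="issue-status" title="...">` line of this hunk are concatenated into an attribute and into element content with no escaping visible here, so the fix is only complete if those variables are already passed through an escaping helper where they are assigned; please confirm that, or wrap them the same way the project name now is. The `bgcolor` value from `get_status_color()` is likewise emitted raw, which is fine only as long as that function returns a fixed colour string rather than user-controlled input.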
@@ -248,7 +248,7 @@
echo '<tr bgcolor="' . get_status_color( $t_bug->status, auth_get_current_user_id(), $t_bug->project_id ) . '">';
echo '<td><a href="' . string_get_bug_view_url( $row['bug'] ) . '">' . bug_format_id( $row['bug'] ) . '</a></td>';
- echo '<td>' . project_get_field( $t_bug->project_id, 'name' ) . '&#160;</td>';
+ echo '<td>' . string_display_line( project_get_field( $t_bug->project_id, 'name' ) ) . '&#160;</td>';
echo '<td class="right">' . $t_released_label . '&#160;</td>';
echo '<td><a title="' . $t_resolution . '"><u>' . $t_status . '</u>&#160;</a></td>';
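Review bot: this hunk applies the same one-token fix as the one at line 138, which means the two loops that render sponsored issues duplicate their row markup and had to be patched twice; consider extracting the shared `<tr>`/`<td>` output into a single helper so a future field added to one table cannot again be left unescaped in the other. As in the first hunk, `$t_resolution` (in the `title` attribute) and `$t_status` are emitted without a visible escaping call, so please verify they are escaped at their definition.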
