Fix XSS on project documentation
Vulnerability in deprecated project documentation functionality
($g_enable_project_documentation), allowing execution of arbitrary
code (if CSP settings permit it) after uploading an attachment with a
crafted filename.

Prevent the attack by sanitizing the filename before display.

Fixes #26078
atrol authored and dregad committed Aug 25, 2019
1 parent b39d872 commit bd094de
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion proj_doc_edit_page.php
@@ -122,7 +122,7 @@
$t_href = '<a href="file_download.php?file_id='.$v_id.'&amp;type=doc">';
echo $t_href;
print_file_icon( $v_filename );
echo '</a>&#160;' . $t_href . file_get_display_name( $v_filename ) . '</a>';
echo '</a>&#160;' . $t_href . string_html_specialchars( file_get_display_name( $v_filename ) ) . '</a>';
?>
</td>
</tr>
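Review bot: the escaping is applied only to the link text, while the same `$v_filename` is still passed unescaped to `print_file_icon( $v_filename );` two lines above in this hunk. If that helper emits the filename into an attribute or element without encoding it, the crafted filename described in the commit message would still reach the page through that path; either confirm `print_file_icon()` escapes its own output or wrap its argument in `string_html_specialchars()` as well. A second, smaller point: `$v_id` is concatenated into the `href` on the first line of the hunk without escaping, which is fine only if it is guaranteed to be an integer by the time it gets here; a short comment stating that would make the invariant visible to the next reader.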
