
Commit bd094de

atroldregad authored and committed
Fix XSS on project documentation
Vulnerability in deprecated project documentation functionality ($g_enable_project_documentation), allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. Prevent the attack by sanitizing the filename before display. Fixes #26078
1 parent b39d872 commit bd094de
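The following is an added example, not MantisBT code and not part of this commit. It reproduces the vulnerable output line and the fixed one from proj_doc_edit_page.php in a form that can be run with plain PHP, using stand-ins for the MantisBT helpers: `file_get_display_name_stub()` is assumed to be an identity function, `string_html_specialchars_stub()` is assumed to be `htmlspecialchars()` with UTF-8 and quote escaping, and the icon emitted by `print_file_icon()` is replaced by a placeholder string. The crafted filename is constructed for the demonstration.

```php
<?php
// Added example (not MantisBT's own code). Demonstrates why escaping the
// display name neutralises a crafted attachment filename.

// Stand-in for MantisBT's file_get_display_name(); assumed here to return
// the name unchanged.
function file_get_display_name_stub( string $p_filename ): string {
    return $p_filename;
}

// Stand-in for MantisBT's string_html_specialchars(); assumed here to be
// htmlspecialchars() with quote escaping, which covers both text-node and
// attribute-context injection.
function string_html_specialchars_stub( string $p_string ): string {
    return htmlspecialchars( $p_string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
}

// The removed line, with the helpers swapped for the stubs and the icon
// replaced by a placeholder: the display name lands in the HTML unescaped.
function render_row_vulnerable( int $p_id, string $p_filename ): string {
    $t_href = '<a href="file_download.php?file_id=' . $p_id . '&amp;type=doc">';
    return $t_href . '[icon]</a>&#160;' . $t_href
        . file_get_display_name_stub( $p_filename ) . '</a>';
}

// The added line: the display name is escaped before it is echoed.
function render_row_fixed( int $p_id, string $p_filename ): string {
    $t_href = '<a href="file_download.php?file_id=' . $p_id . '&amp;type=doc">';
    return $t_href . '[icon]</a>&#160;' . $t_href
        . string_html_specialchars_stub( file_get_display_name_stub( $p_filename ) )
        . '</a>';
}

// True when the crafted markup survives as a tag in the rendered HTML.
function contains_injected_tag( string $p_html ): bool {
    return strpos( $p_html, '<img src=x' ) !== false;
}

// Constructed crafted filename: on a real upload this would be the
// attachment's name. It closes the anchor and injects an element that
// carries an event handler.
$t_crafted = 'report</a><img src=x onerror=alert(document.cookie)>.pdf';

$t_before = render_row_vulnerable( 42, $t_crafted );
$t_after  = render_row_fixed( 42, $t_crafted );

echo "vulnerable output carries a live <img> tag: ",
     contains_injected_tag( $t_before ) ? 'yes' : 'no', "\n";
echo "fixed output carries a live <img> tag:      ",
     contains_injected_tag( $t_after ) ? 'yes' : 'no', "\n";
echo "\nfixed row as sent to the browser:\n", $t_after, "\n";
```

In the fixed row the angle brackets and quotes of the filename arrive as `&lt;`, `&gt;` and `&quot;`, so the browser renders the filename as text inside the link instead of parsing a new element. Whether the injected handler would actually run in the unfixed version depends on the page's CSP, as the commit message notes, but escaping at the output point removes the dependency on CSP altogether.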

File tree

1 file changed (+1, -1 lines changed)

Diff for: proj_doc_edit_page.php (+1, -1)
@@ -122,7 +122,7 @@
122122
$t_href = '<a href="file_download.php?file_id='.$v_id.'&amp;type=doc">';
123123
echo $t_href;
124124
print_file_icon( $v_filename );
125-
echo '</a>&#160;' . $t_href . file_get_display_name( $v_filename ) . '</a>';
125+
echo '</a>&#160;' . $t_href . string_html_specialchars( file_get_display_name( $v_filename ) ) . '</a>';
126126
?>
127127
</td>
128128
</tr>
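Review bot: the same `$v_filename` is still passed unescaped to `print_file_icon( $v_filename )` on the line directly above the changed one; if that helper derives an `alt` or `title` attribute from the name, it needs the same `string_html_specialchars()` treatment, otherwise a crafted filename reaches the page through the icon even after this fix. Worth confirming before closing #26078. Minor: `$v_id` is concatenated into the href as-is in `'<a href="file_download.php?file_id='.$v_id.'&amp;type=doc">'`; casting it with `(int)` (or passing it through `urlencode()` if it is not guaranteed numeric) would make that line self-evidently safe as well.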
