Commit c272c3f

Fix XSS in bug_change_status_page.php
The value of the change_type parameter was not encoded before being displayed as a hidden input. This vulnerability was reported by Etienne Landais. Fixes #22486
1 parent f8b2510 commit c272c3f

1 file changed

+1
-1
lines changed

Diff for: bug_change_status_page.php

+1-1
@@ -385,7 +385,7 @@
385385

386386
</tbody>
387387
</table>
388-
<input type="hidden" name="action_type" value="<?php echo $f_change_type; ?>" />
388+
<input type="hidden" name="action_type" value="<?php echo string_attribute( $f_change_type ); ?>" />
389389

390390
</div>
391391
</div>
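
Review bot: The new line 388 encodes this one sink, but the hunk shows only a single use of $f_change_type, so please confirm that no other place in bug_change_status_page.php echoes the variable without string_attribute(). Because the value is posted back as action_type, it would also help to validate change_type against the set of expected values where it is read, so that unexpected input is rejected rather than only escaped on output. A regression test that loads the page with a change_type containing a double quote and angle brackets, and checks that the hidden input's value attribute comes back encoded, would guard this fix.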
