
Fix #15415: XSS vulnerability on Configuration Report page

A project name containing javascript code results in execution of said
code when displaying the filter's project list.

Note that despite using the same function to display the option list,
the vulnerability does not exist for usernames (due to input
restrictions in place when creating/updating user accounts) or config
names (which must exist in config_default_inc.php and must be valid php
1 parent e61e63c commit c61dc631b4c37547a25e1306ed90aa09e9e1b837 @dregad dregad committed Jan 23, 2013
Showing with 1 addition and 1 deletion.
  1. +1 −1 adm_config_report.php
2 adm_config_report.php
@@ -97,7 +97,7 @@ function print_option_list_from_array( $p_array, $p_filter_value ) {
foreach( $p_array as $t_key => $t_value ) {
echo "<option value='$t_key'";
check_selected( $p_filter_value, $t_key );
- echo ">$t_value</option>\n";
+ echo ">" . string_attribute( $t_value ) . "</option>\n";
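Review bot: the `value='$t_key'` attribute in the unchanged context line `echo "<option value='$t_key'";` is still interpolated into the markup unescaped, while only the option's text content gets `string_attribute()`; the keys come from the same caller-supplied array as the values, so escape both, e.g. `echo "<option value='" . string_attribute( $t_key ) . "'";`. The commit message argues that the username and config-name callers are safe because of input restrictions applied elsewhere, but escaping at this single print point covers every current and future caller of `print_option_list_from_array()` regardless of what validation exists upstream, which is the more robust fix for an output-encoding bug.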
