Fix XSS in adm_config_report.php

Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/ reported a vulnerability in the Configuration Report page, allowing an attacker to inject arbitrary code through a crafted 'config_option' parameter. Sanitize the parameter prior to output, to ensure HTML special characters are properly escaped. Fixes #22579
mantisbt · Mar 29, 2017 · c9e5b1d · c9e5b1d
1 parent d31841c
commit c9e5b1d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/adm_config_report.php b/adm_config_report.php
@@ -525,7 +525,7 @@ function check_config_value( $p_config ) {
 					<input type="text" name="config_option"
 						value="<?php echo string_attribute( $t_edit_option ); ?>"
 						size="64" maxlength="64" />
-					<input type="hidden" name="original_config_option" value="<?php echo $t_edit_option; ?>" />
+					<input type="hidden" name="original_config_option" value="<?php echo string_attribute( $t_edit_option ); ?>" />
 				</span>
 				<span class="label-style"></span>
 			</div>