Fix XSS in move_attachments_page.php

Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/ reported a vulnerability in the Move Attachments admin page, allowing an attacker to inject arbitrary code through a crafted 'type' parameter. Sanitize the 'type' parameter prior to output, to ensure HTML special characters are properly escaped. Fixes #22568 Backported from 2.2.x ecef0e9 Conflicts: admin/move_attachments_page.php
mantisbt · Mar 29, 2017 · d31841c · d31841c
1 parent ec7c814
commit d31841c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/admin/move_attachments_page.php b/admin/move_attachments_page.php
@@ -175,7 +175,7 @@ function get_attachment_stats( $p_file_type, $p_in_db ) {
 </table>
 <span class="center">
 	<br />
-	<input name="type" type="hidden" value="<?php echo $f_file_type ?>" />
+	<input name="type" type="hidden" value="<?php echo string_attribute( $f_file_type); ?>" />
 	<input type="submit" class="button" value="Move Attachments" />
 </span>