Fix #11299: Custom menu links should be sanitised before output
If an administrator defines custom menu links (consisting of a caption
and URL) then these values should be escaped of special HTML characters
before being printed into the menu. This XSS issue is of no security
concern as it requires administrator access and manual modifications to
the configuration file.

Co-contributed-by: David Hicks <hickseydr@optusnet.com.au>
Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
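An added example, not MantisBT code and not part of this commit, showing the output-time escaping the commit message describes together with the one check encoding alone cannot provide: a whitelist of link schemes, so a configured `javascript:` URL is dropped instead of rendered. The config array shape mirrors `$g_custom_menu_options` (caption, access level, URL); the function names `menu_link_is_safe` and `render_custom_menu` and the sample entries are assumptions, and the per-user access-level check is omitted.

```php
<?php
// Added example (not MantisBT code). Constructed sample config in the shape
// of $g_custom_menu_options: array( caption, access level, url ).
$t_custom_menu_options = array(
    array( 'Wiki', 10, 'https://example.com/wiki' ),
    array( 'My View', 10, 'my_view_page.php' ),
    array( 'Bad "caption" <b>x</b>', 10, 'javascript:alert(1)' ),
    array( 'Proto-relative', 10, '//evil.example/' ),
);

// Assumed helper: accept relative links and http(s) only.
// HTML-encoding a URL does not neutralise its scheme, so this check is
// needed in addition to, not instead of, escaping.
function menu_link_is_safe( $p_url ) {
    $p_url = trim( (string)$p_url );
    if ( $p_url === '' || substr( $p_url, 0, 2 ) === '//' ) {
        return false;                       // empty or protocol-relative
    }
    $t_scheme = parse_url( $p_url, PHP_URL_SCHEME );
    if ( $t_scheme === null || $t_scheme === false ) {
        return true;                        // relative link, e.g. my_view_page.php
    }
    return in_array( strtolower( $t_scheme ), array( 'http', 'https' ), true );
}

// Assumed helper: build the anchors, escaping at output time.
function render_custom_menu( array $p_options ) {
    $t_html = array();
    foreach ( $p_options as $t_option ) {
        list( $t_caption, $t_access_level, $t_link ) = $t_option;
        if ( !menu_link_is_safe( $t_link ) ) {
            continue;                       // skip rather than render the link
        }
        // ENT_QUOTES so neither " nor ' can break out of the attribute.
        $t_caption = htmlspecialchars( $t_caption, ENT_QUOTES, 'UTF-8' );
        $t_link    = htmlspecialchars( $t_link, ENT_QUOTES, 'UTF-8' );
        $t_html[] = '<a href="' . $t_link . '">' . $t_caption . '</a>';
    }
    return $t_html;
}

// The first two entries render; the javascript: and //host entries are dropped.
print_r( render_custom_menu( $t_custom_menu_options ) );
```

Escaping keeps the third entry's caption inert (`&lt;b&gt;x&lt;/b&gt;`), but only the scheme check keeps its URL from becoming a clickable script link; the two controls address different injection points.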
dolmen authored and davidhicks committed Sep 18, 2010
1 parent 38c5a1c commit d37df25
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions core/html_api.php
Expand Up @@ -694,8 +694,8 @@ function prepare_custom_menu_options( $p_config ) {
foreach( $t_custom_menu_options as $t_custom_option ) {
$t_access_level = $t_custom_option[1];
if( access_has_project_level( $t_access_level ) ) {
$t_caption = lang_get_defaulted( $t_custom_option[0] );
$t_link = $t_custom_option[2];
$t_caption = string_html_specialchars( lang_get_defaulted( $t_custom_option[0] ) );
$t_link = string_attribute( $t_custom_option[2] );
$t_options[] = "<a href=\"$t_link\">$t_caption</a>";
}
}
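Review bot: the `string_attribute()` call on `$t_link` stops attribute breakout (a `"` in the URL becomes `&quot;`) but does not address the URL's scheme, since it only HTML-encodes; a configured link of `javascript:...` passes through encoding unchanged and still executes when clicked. Under the threat model the commit message states (administrator editing the config file) that is consistent, but if the value is being treated as untrusted at all, a scheme check belongs next to the encoding: accept relative links and `http`/`https`, and skip the entry before `$t_options[] = "<a href=\"$t_link\">$t_caption</a>";` otherwise. Escaping the caption after `lang_get_defaulted()` rather than before is the right order, since the lookup result is what reaches the page.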
