
fix for 0006564: Port XSS Vulnerability in project documents (TKADV20…
…05-11-002)

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@3947 f5dc347c-c33d-0410-90a0-b07cc1902cb9
thraxisp committed Jan 6, 2006
1 parent cdeb39b commit d8dc074
Showing 2 changed files with 10 additions and 5 deletions.
11 changes: 8 additions & 3 deletions proj_doc_delete.php
Expand Up @@ -6,7 +6,7 @@
# See the README and LICENSE files for details

# --------------------------------------------------------
# $Id: proj_doc_delete.php,v 1.25 2005-05-08 20:42:08 marcelloscata Exp $
# $Id: proj_doc_delete.php,v 1.26 2006-01-06 02:23:15 thraxisp Exp $
# --------------------------------------------------------

require_once( 'core.php' );
Expand All @@ -17,15 +17,20 @@
}

$f_file_id = gpc_get_int( 'file_id' );
$f_title = gpc_get_string( 'title', '' );

$t_project_id = file_get_field( $f_file_id, 'project_id', 'project' );

access_ensure_project_level( config_get( 'upload_project_file_threshold' ), $t_project_id );

$t_project_file_table = config_get( 'mantis_project_file_table' );
$query = "SELECT title FROM $t_project_file_table
WHERE id=$f_file_id";
$result = db_query( $query );
$t_title = db_result( $result );

# Confirm with the user
helper_ensure_confirmed( lang_get( 'confirm_file_delete_msg' ) .
'<br/>' . lang_get( 'filename' ) . ': ' . $f_title,
'<br/>' . lang_get( 'filename' ) . ': ' . string_display( $t_title ),
lang_get( 'file_delete_button' ) );

file_delete( $f_file_id, 'project' );
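Review bot: The new title lookup on the `$query` lines hand-builds SQL against the project file table even though the line just above it already reads the same row through `file_get_field( $f_file_id, 'project_id', 'project' )`; if that helper can read any column of that table, as its use for project_id suggests, the five added lines collapse to `$t_title = file_get_field( $f_file_id, 'title', 'project' );` and the column access stays in one place. As written, interpolating the id into `WHERE id=$f_file_id` is only safe because `gpc_get_int` constrains it to an integer, so a comment such as `# $f_file_id is an int from gpc_get_int(); no string value can reach this query` would make that dependency explicit for the next edit. `db_result( $result )` for a row that no longer exists presumably yields false, which `string_display` would render as an empty filename in the confirmation; worth confirming that the file_get_field call above already rejects unknown ids so this path is unreachable. The surrounding script continues outside the hunk.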
4 changes: 2 additions & 2 deletions proj_doc_page.php
Expand Up @@ -6,7 +6,7 @@
# See the README and LICENSE files for details

# --------------------------------------------------------
# $Id: proj_doc_page.php,v 1.50 2005-08-16 14:36:43 thraxisp Exp $
# $Id: proj_doc_page.php,v 1.51 2006-01-06 02:23:16 thraxisp Exp $
# --------------------------------------------------------

require_once( 'core.php' );
Expand Down Expand Up @@ -111,7 +111,7 @@
echo '&nbsp;';
print_button( 'proj_doc_edit_page.php?file_id='.$v_id, lang_get( 'edit_link' ) );
echo '&nbsp;';
print_button( 'proj_doc_delete.php?file_id=' . $v_id . '&title=' . string_url( $v_title ), lang_get( 'delete_link' ) );
print_button( 'proj_doc_delete.php?file_id=' . $v_id, lang_get( 'delete_link' ) );
}
?>
</span>
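Review bot: The delete button on the new `print_button` line now carries only `file_id`, but nothing on this page records that the filename shown on the confirmation screen is fetched and escaped server-side in proj_doc_delete.php; a short comment above it, `# title is looked up and escaped by proj_doc_delete.php, not passed in the URL`, would stop a later change from reintroducing the parameter. The edit link on the line above concatenates `$v_id` the same way, which is fine if `$v_id` is the integer row id; that cannot be confirmed from this hunk. The enclosing loop begins outside the hunk.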
