Comparing changes
base fork: mantisbt/mantisbt
base: e61e63ca07d6
...
head fork: mantisbt/mantisbt
compare: 5858a659efe1
  • 2 commits
  • 1 file changed
  • 0 commit comments
  • 1 contributor
Commits on Jan 23, 2013
dregad: Fix #15415: XSS vulnerability on Configuration Report page
A project name containing javascript code results in execution of said
code when displaying the filter's project list.

Note that despite using the same function to display the option list,
the vulnerability does not exist for usernames (due to input
restrictions in place when creating/updating user accounts) or config
names (which must exist in config_default_inc.php and must be valid php
identifiers).
c61dc63
dregad: Fix #15416: XSS issue in adm_config_report.php
If a 'complex' config option contains javascript code, it would be
executed when displaying the page.
5858a65
Showing with 2 additions and 2 deletions.
  • +2 −2 adm_config_report.php
@@ -87,7 +87,7 @@ function print_config_value_as_string( $p_type, $p_value, $p_for_display = true
}
if( $p_for_display ) {
- echo "<pre>$t_output</pre>";
+ echo '<pre>' . string_attribute( $t_output ) . '</pre>';
} else {
echo $t_output;
}
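Review bot: the escaped string on the `+` line is emitted as element content between `<pre>` and `</pre>`, not as an attribute value, so `string_attribute()` is being used outside the context its name describes. It does close the reported injection for the display path, but an escaper intended for element text (assuming the string API provides one, for example `string_html_specialchars()`) would make the intended context explicit for the next reader. Separately, the `else` branch still echoes `$t_output` raw; since `$p_for_display` defaults to `true` that path is opt-in, but the function's docblock should state that callers passing `false` are responsible for escaping before output, otherwise the same bug reappears at the call site.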
@@ -97,7 +97,7 @@ function print_option_list_from_array( $p_array, $p_filter_value ) {
foreach( $p_array as $t_key => $t_value ) {
echo "<option value='$t_key'";
check_selected( $p_filter_value, $t_key );
- echo ">$t_value</option>\n";
+ echo ">" . string_attribute( $t_value ) . "</option>\n";
}
}
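Review bot: `$t_key` is still interpolated unescaped into the `value='$t_key'` attribute one line above the change; only `$t_value` is escaped by this hunk. The commit message argues that current callers pass restricted keys (user names and config names that are valid PHP identifiers), but `print_option_list_from_array()` is a generic helper, and any future caller whose keys are attacker-influenced would reopen the attribute injection. Suggest `echo "<option value='" . string_attribute( $t_key ) . "'";` so the function is safe independent of its callers, plus a docblock line stating that both keys and values are treated as untrusted.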

No commit comments for this range