Skip to content
Permalink
Browse files Browse the repository at this point in the history
xss: Saved Search Name
This mitigates an issue discovered by Matthew Aberegg where the Name field
for Saved Searches can be exploited via XSS to execute code. This sanitizes
the `$_POST['queue-name']` variable via `Format::htmlchars()` so we are
safe from any XSS attempts on creations and updates. All other Saved Search
content is parsed/sanitized correctly.
  • Loading branch information
JediKev committed Apr 28, 2020
1 parent fc4c860 commit d54cca0
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions include/ajax.search.php
Expand Up @@ -202,6 +202,7 @@ function saveSearch($id=0) {
}

function _saveSearch(SavedSearch $search) {
$_POST['queue-name'] = Format::htmlchars($_POST['queue-name']);

// Validate the form.
$form = $search->getForm($_POST);
Expand Down

0 comments on commit d54cca0

Please sign in to comment.