Encode UI error message to eliminate XSS

commit 7587e188bcb8b5f0ba4e4715c23379fdb55e2a17 1 parent 81cf456
perusionjosh authored, jonjensen committed
Showing with 2 additions and 1 deletion.
  1. +2 −1  dist/catalog_after.cfg
3  dist/catalog_after.cfg
@@ -73,7 +73,8 @@ sub {
$status = 0;
}
else {
- $Scratch->{ui_error} = "Not authorized for file $CGI->{mv_nextpage}";
+ my $file = $Tag->filter('encode_entities', $CGI->{mv_nextpage});
+ $Scratch->{ui_error} = "Not authorized for file $file";
$CGI->{mv_nextpage} = '__UI_BASE__/error';
$status = 1;
}
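Review bot: on the added `my $file = $Tag->filter('encode_entities', $CGI->{mv_nextpage});` line, the value is entity-encoded when it is stored in `$Scratch->{ui_error}` rather than where the message is rendered. The scratch value now holds HTML-encoded text, and whatever displays it under `__UI_BASE__/error` has to emit it without encoding a second time, or the file name will show doubled entities. A one-line comment above the assignment, saying that `mv_nextpage` is request-supplied and that `ui_error` is stored pre-encoded, would make that contract explicit for anyone who later reads or writes this scratch value. This hunk covers only this one message, so it is worth confirming that any other assignment of request data to `ui_error` gets the same filter.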