Fix h1 report 986365

revive-adserver · Jan 19, 2021 · 00fdb8d · 00fdb8d
1 parent 62a2a04
commit 00fdb8d
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt
@@ -34,6 +34,9 @@ What's New in Revive Adserver 5.1.0
    when displaying the website URL in the affiliate-preview.php tag
    generation page.
 
+ * Fixed a reflected XSS vulnerability in afr.php that could still be achieved
+   on legacy browsers, bypassing a previous fix.
+
 
  New Features
  ------------

diff --git a/www/delivery_dev/afr.php b/www/delivery_dev/afr.php
@@ -77,7 +77,7 @@
 
     $refresh = (int)$refresh;
     // JS needs to be escaped twice: the setTimeout argument is evaluated at runtime
-    $jsDest = addcslashes(addcslashes($dest, "\0..\37\"\\"), "'\\");
+    $jsDest = addcslashes(addcslashes($dest, "\0..\37/\"\\"), "'\\");
     $htmlDest = htmlspecialchars($dest, ENT_QUOTES);
 
     // Try to use JS location.replace since browsers deal with this and history much better than meta-refresh