Fix stored and reflected XSS vulnerabilities
as described in VN: JVN#18387086 / TN: JPCERT#95011159 advisory.
koosh committed Jan 27, 2015
1 parent 94d5526 commit 1bc2728
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions classes/adminpage.inc.php
Expand Up @@ -302,6 +302,8 @@ function print_language_selectbox() {
<table border="0" cellspacing="0" cellpadding="1">
<form name="languageform" method=get>
<? foreach($site->fdat as $fdat_field=>$fdat_value) {
$fdat_value = htmlspecialchars(xss_clean($fdat_value));
$fdat_field = htmlspecialchars(xss_clean($fdat_field));
if($fdat_field != 'flt_keel') {?>
<input type=hidden name="<?=$fdat_field?>" value="<?=$fdat_value?>">
<? }
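Review bot: In the two added lines the loop variables are overwritten with `htmlspecialchars(xss_clean(...))` before the `flt_keel` comparison, so the escaping is tied to a reassignment rather than to the two `<?= ?>` output points in the `<input type=hidden>` line. Escaping where the value is printed, for example `value="<?=htmlspecialchars($fdat_value, ENT_QUOTES)?>"`, keeps the raw value available for the comparison and makes it harder for a later edit to echo an unescaped copy. `htmlspecialchars()` is called here with default flags, which on PHP versions before 8.1 do not escape single quotes; the attributes are double-quoted so that holds today, but passing `ENT_QUOTES` and the page charset explicitly removes the dependency on quoting style. `xss_clean()` is not defined in this hunk, so it is not visible whether it alters legitimate values that are round-tripped through these hidden fields, or what happens when a `$site->fdat` entry is an array; a short comment or an `is_array()` guard would settle both.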

2 comments on commit 1bc2728


@fgeek fgeek commented on 1bc2728 Apr 8, 2015



@koosh koosh commented on 1bc2728 Apr 8, 2015


Yes, https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0876 links to the same vulnerability as this commit fixes (as described in the commit message).
