#776 Search Form Vulnerable to Cross-Site Scripting

closed-fixed
nobody
Unknown (53)
9
2003-12-22
2003-09-09
Michael Wright
No

The search form in Tiki Wiki is vulnerable to
cross-site scripting attempts. tiki-searchresults.php
needs to be modified to make sure that the search
request is clean of HTML. I would suggest setting a
variable at the top of the page equal to
strip_tags($_REQUEST["words"]) and just use that
variable everywhere. This makes things a bit cleaner as
you only have to worry about strip_tags once.
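
A sketch of the suggestion above, added here as an example; it is not part of the original report and is not Tiki's actual fix. It reads the request value once through strip_tags, then encodes it with htmlspecialchars at each output point, because strip_tags leaves quote characters intact. The function names and form markup are assumptions; only `$_REQUEST["words"]`, `strip_tags` and `tiki-searchresults.php` come from the report.

```php
<?php
// Added example with hypothetical helper names (not Tiki code).

/**
 * Read the search terms once, as the report suggests, and strip markup.
 * A non-string value (e.g. words[]=x arrives as an array) is treated as empty.
 */
function clean_search_words(array $request): string
{
    $raw = $request['words'] ?? '';
    if (!is_string($raw)) {
        return '';
    }
    return trim(strip_tags($raw));
}

/** Encode a value for HTML text and for quoted attribute values. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

/** Render the search box and heading from the single cleaned variable. */
function render_search_form(string $words): string
{
    return '<form action="tiki-searchresults.php" method="get">'
         . '<input type="text" name="words" value="' . h($words) . '">'
         . '</form>'
         . '<p>Results for: ' . h($words) . '</p>';
}

// Constructed sample request; a live page would pass $_REQUEST instead.
$sample = ['words' => 'wiki <b>syntax</b> "quoted phrase"'];

// Tags are removed here, but the double quotes survive strip_tags.
$words = clean_search_words($sample);
echo $words, PHP_EOL;

// The quotes are encoded at output, so the value stays inside value="...".
echo render_search_form($words), PHP_EOL;
```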

Discussion

  • Michael Wright
    2003-09-09

    • priority: 5 --> 9
     
    • status: open --> closed-fixed
     
  • Logged In: YES
    user_id=183182

    fixed in 1.7.5 and 1.8. Thanks.