From: Glenn H. <thr...@us...> - 2006-01-01 02:56:50
Update of /cvsroot/mantisbt/mantisbt
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21463
Modified Files:
print_bug_page.php print_all_bug_page.php manage_proj_edit_page.php manage_proj_create.php manage_config_workflow_page.php manage_config_work_threshold_page.php manage_config_email_page.php changelog_page.php bug_view_page.php bug_view_advanced_page.php
Log Message:
fix for 0006546: Port #6544: XSS Vulnerability in project name (TKADV2005-11-002)
- Prevent HTML or scripts from being embedded in project name
- Remove unwarranted HTML from project name
Index: manage_config_workflow_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/manage_config_workflow_page.php,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- manage_config_workflow_page.php 31 Aug 2005 22:49:46 -0000 1.16
+++ manage_config_workflow_page.php 1 Jan 2006 02:56:39 -0000 1.17
@@ -398,7 +398,7 @@
 if ( ALL_PROJECTS == $t_project ) {
 $t_project_title = lang_get( 'config_all_projects' );
 } else {
- $t_project_title = sprintf( lang_get( 'config_project' ) , project_get_name( $t_project ) );
+ $t_project_title = sprintf( lang_get( 'config_project' ) , string_display( project_get_name( $t_project ) ) );
 }
 echo '<p class="bold">' . $t_project_title . '</p>' . "\n";
 echo '<p>' . lang_get( 'colour_coding' ) . '<br />';
Index: changelog_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/changelog_page.php,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- changelog_page.php 29 Oct 2005 10:10:53 -0000 1.16
+++ changelog_page.php 1 Jan 2006 02:56:39 -0000 1.17
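Review bot: The `+` line makes the project title only as safe as string_display() is, and string_display() is the routine this codebase uses for free-form bug text; if it does anything beyond htmlspecialchars() — for example re-enabling a configured whitelist of HTML tags, which I cannot confirm from this hunk — a project name would still be able to carry markup into a `<p class="bold">`. A project name is never meant to contain markup, so the plainer escape this same commit uses for the `<option>` text, `string_attribute( project_get_name( $t_project ) )`, would be the tighter choice here. The same line is repeated in the manage_config_email_page.php and manage_config_work_threshold_page.php hunks, so whichever helper is chosen should be used in all three.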
@@ -21,7 +21,7 @@
 $t_version_name = version_get_field( $p_version_id, 'version' );
 $t_project_name = project_get_field( $t_project_id, 'name' );
- $t_release_title = $t_project_name . ' - ' . $t_version_name;
+ $t_release_title = string_display( $t_project_name ) . ' - ' . string_display( $t_version_name );
 echo $t_release_title, '<br />';
 echo str_pad( '', strlen( $t_release_title ), '=' ), '<br />';
@@ -74,7 +74,7 @@
 $t_version_rows = version_get_all_rows( $t_project_id );
- echo '<br /><span class="pagetitle">', $t_project_name, ' - ', lang_get( 'changelog' ), '</span><br /><br />';
+ echo '<br /><span class="pagetitle">', string_display( $t_project_name ), ' - ', lang_get( 'changelog' ), '</span><br /><br />';
 echo '<tt>';
 $i = 0;
Index: print_all_bug_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/print_all_bug_page.php,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -d -r1.83 -r1.84
--- print_all_bug_page.php 24 May 2005 23:22:48 -0000 1.83
+++ print_all_bug_page.php 1 Jan 2006 02:56:39 -0000 1.84
@@ -79,7 +79,7 @@
 <table class="width100"><tr><td class="form-title">
 <div class="center">
- <?php echo config_get( 'window_title' ) . ' - ' . project_get_name( $t_project_id ); ?>
+ <?php echo config_get( 'window_title' ) . ' - ' . string_display( project_get_name( $t_project_id ) ); ?>
 </div>
 </td></tr></table>
Index: bug_view_advanced_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/bug_view_advanced_page.php,v
retrieving revision 1.76
retrieving revision 1.77
diff -u -d -r1.76 -r1.77
--- bug_view_advanced_page.php 10 Aug 2005 19:59:13 -0000 1.76
+++ bug_view_advanced_page.php 1 Jan 2006 02:56:40 -0000 1.77
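Review bot: The underline on the last context line of the first changelog_page.php hunk, `str_pad( '', strlen( $t_release_title ), '=' )`, now measures the HTML-escaped title rather than the visible text, so any project or version name containing `&`, `<`, `>` or a quote gets an underline that is too long (`&amp;` alone counts five characters). Keep the raw concatenation for the width and escape only what is echoed: `$t_raw_title = $t_project_name . ' - ' . $t_version_name;` / `echo string_display( $t_raw_title ), '<br />';` / `echo str_pad( '', strlen( $t_raw_title ), '=' ), '<br />';`. The enclosing function begins before this hunk, so its signature and any earlier use of these variables are not visible here.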
@@ -144,7 +144,7 @@
 <!-- Category -->
 <td>
 <?php
- $t_project_name = project_get_field( $t_bug->project_id, 'name' );
+ $t_project_name = string_display( project_get_field( $t_bug->project_id, 'name' ) );
 echo "[$t_project_name] $t_bug->category";
 ?>
 </td>
Index: manage_config_email_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/manage_config_email_page.php,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- manage_config_email_page.php 16 Jul 2005 01:46:03 -0000 1.8
+++ manage_config_email_page.php 1 Jan 2006 02:56:39 -0000 1.9
@@ -229,7 +229,7 @@
 if ( ALL_PROJECTS == $t_project ) {
 $t_project_title = lang_get( 'config_all_projects' );
 } else {
- $t_project_title = sprintf( lang_get( 'config_project' ) , project_get_name( $t_project ) );
+ $t_project_title = sprintf( lang_get( 'config_project' ) , string_display( project_get_name( $t_project ) ) );
 }
 echo '<p class="bold">' . $t_project_title . '</p>' . "\n";
 echo '<p>' . lang_get( 'colour_coding' ) . '<br />';
Index: bug_view_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/bug_view_page.php,v
retrieving revision 1.77
retrieving revision 1.78
diff -u -d -r1.77 -r1.78
--- bug_view_page.php 10 Aug 2005 19:59:13 -0000 1.77
+++ bug_view_page.php 1 Jan 2006 02:56:40 -0000 1.78
@@ -146,7 +146,7 @@
 <!-- Category -->
 <td>
 <?php
- $t_project_name = project_get_field( $t_bug->project_id, 'name' );
+ $t_project_name = string_display( project_get_field( $t_bug->project_id, 'name' ) );
 echo "[$t_project_name] $t_bug->category";
 ?>
 </td>
Index: print_bug_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/print_bug_page.php,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -d -r1.56 -r1.57
--- print_bug_page.php 10 Aug 2005 20:07:01 -0000 1.56
+++ print_bug_page.php 1 Jan 2006 02:56:39 -0000 1.57
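Review bot: In the bug_view_advanced_page.php hunk the context line `echo "[$t_project_name] $t_bug->category";` now emits an escaped project name next to a raw `$t_bug->category` in the same cell, which leaves the statement half-encoded. Category names are edited through the same management UI as project names as far as I can tell, so they deserve the same treatment, `echo "[$t_project_name] " . string_display( $t_bug->category );`, unless the category has already been escaped when `$t_bug` is built — nothing in this hunk shows that. The `<?php` block this sits in is complete within the hunk, but the page around it is not.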
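Review bot: The bug_view_page.php hunk has the same half-encoded line as the advanced view, `echo "[$t_project_name] $t_bug->category";`, with the category still interpolated raw after the project name was escaped. If the category is to be escaped it should be done in both views in the same way, `echo "[$t_project_name] " . string_display( $t_bug->category );`, so the two pages do not drift apart on what is considered safe output.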
@@ -65,7 +65,7 @@
 <table class="width100" cellspacing="1">
 <tr>
 <td class="form-title" colspan="6">
- <div class="center"><?php echo config_get( 'window_title' ) . ' - ' . project_get_name( $v_project_id ) ?></div>
+ <div class="center"><?php echo config_get( 'window_title' ) . ' - ' . string_display( project_get_name( $v_project_id ) ) ?></div>
 </td>
 </tr>
 <tr>
Index: manage_config_work_threshold_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/manage_config_work_threshold_page.php,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- manage_config_work_threshold_page.php 1 Aug 2005 13:42:55 -0000 1.11
+++ manage_config_work_threshold_page.php 1 Jan 2006 02:56:39 -0000 1.12
@@ -242,7 +242,7 @@
 if ( ALL_PROJECTS == $t_project_id ) {
 $t_project_title = lang_get( 'config_all_projects' );
 } else {
- $t_project_title = sprintf( lang_get( 'config_project' ) , project_get_name( $t_project_id ) );
+ $t_project_title = sprintf( lang_get( 'config_project' ) , string_display( project_get_name( $t_project_id ) ) );
 }
 echo '<p class="bold">' . $t_project_title . '</p>' . "\n";
 echo '<p>' . lang_get( 'colour_coding' ) . '<br />';
Index: manage_proj_edit_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/manage_proj_edit_page.php,v
retrieving revision 1.92
retrieving revision 1.93
diff -u -d -r1.92 -r1.93
--- manage_proj_edit_page.php 26 Jul 2005 12:41:02 -0000 1.92
+++ manage_proj_edit_page.php 1 Jan 2006 02:56:39 -0000 1.93
@@ -244,7 +244,7 @@
 continue;
 }
 ?>
- <option value="<?php echo $t_project['id'] ?>"><?php echo $t_project['name'] ?></option>
+ <option value="<?php echo $t_project['id'] ?>"><?php echo string_attribute( $t_project['name'] ) ?></option>
 <?php
 } # End looping over projects
 ?>
Index: manage_proj_create.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/manage_proj_create.php,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- manage_proj_create.php 13 Feb 2005 21:36:17 -0000 1.7
+++ manage_proj_create.php 1 Jan 2006 02:56:39 -0000 1.8
@@ -25,7 +25,7 @@
 $f_status = gpc_get_int( 'status' );
 $f_file_path = gpc_get_string( 'file_path', '' );
- $t_project_id = project_create( $f_name, $f_description, $f_status, $f_view_state, $f_file_path );
+ $t_project_id = project_create( string_strip_tags( $f_name ), $f_description, $f_status, $f_view_state, $f_file_path );
 if ( ( $f_view_state == VS_PRIVATE ) && ( false === current_user_is_administrator() ) ) {
 $t_access_level = access_get_global_level();
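Review bot: `string_strip_tags( $f_name )` on the `+` line of the manage_proj_create.php hunk is input sanitization on the creation path only; the project-update handler is not part of this commit and names already stored are not rewritten here, so the output-side string_display()/string_attribute() calls elsewhere in this commit must stay the primary control rather than this strip. A strip-tags pass is also lossy — if string_strip_tags() wraps PHP's strip_tags(), a legitimate name with a stray `<` can lose everything after it — and it can leave an empty name, which I cannot see project_create() rejecting from this hunk. Consider `$t_name = string_strip_tags( $f_name );` followed by a plain `if ( '' === trim( $t_name ) ) { trigger_error( ... ); }` guard before the call, then `project_create( $t_name, ... )`. The surrounding statement run starts before this hunk, so where `$f_name` is read is not visible.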