[Mantisbt-cvs] mantisbt config_defaults_inc.php,1.283.2.1.2.1.2.1,1.283.2.1.2.1.2.1.2.1

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Update of /cvsroot/mantisbt/mantisbt
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv4048

Modified Files:
      Tag: BRANCH_1_0_0rc5
	config_defaults_inc.php 
Log Message:
fix for 0006659: Cross site scripting vulnerability


Index: config_defaults_inc.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/config_defaults_inc.php,v
retrieving revision 1.283.2.1.2.1.2.1
retrieving revision 1.283.2.1.2.1.2.1.2.1
diff -u -d -r1.283.2.1.2.1.2.1 -r1.283.2.1.2.1.2.1.2.1

--- config_defaults_inc.php	10 Jan 2006 11:38:07 -0000	1.283.2.1.2.1.2.1
+++ config_defaults_inc.php	3 Feb 2006 03:59:01 -0000	1.283.2.1.2.1.2.1.2.1
@@ -78,7 +78,7 @@
 			$t_host = 'www.example.com';
 		}
 
-		$t_path = dirname( $_SERVER['PHP_SELF'] );
+		$t_path = dirname( strip_tags( $_SERVER['PHP_SELF'] ) );
 		if ( '/' == $t_path || '\\' == $t_path ) {
 			$t_path = '';
 		}



