From: Glenn H. <thr...@us...> - 2006-02-03 03:59:09
Update of /cvsroot/mantisbt/mantisbt In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv4048 Modified Files: Tag: BRANCH_1_0_0rc5 config_defaults_inc.php Log Message: fix for 0006659: Cross site scripting vulnerability Index: config_defaults_inc.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/config_defaults_inc.php,v retrieving revision 1.283.2.1.2.1.2.1 retrieving revision 1.283.2.1.2.1.2.1.2.1 diff -u -d -r1.283.2.1.2.1.2.1 -r1.283.2.1.2.1.2.1.2.1 --- config_defaults_inc.php 10 Jan 2006 11:38:07 -0000 1.283.2.1.2.1.2.1 +++ config_defaults_inc.php 3 Feb 2006 03:59:01 -0000 1.283.2.1.2.1.2.1.2.1 @@ -78,7 +78,7 @@ $t_host = 'www.example.com'; } - $t_path = dirname( $_SERVER['PHP_SELF'] ); + $t_path = dirname( strip_tags( $_SERVER['PHP_SELF'] ) ); if ( '/' == $t_path || '\\' == $t_path ) { $t_path = ''; } |
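Review bot: wrapping `$_SERVER['PHP_SELF']` in `strip_tags()` before `dirname()` only removes angle-bracket tags; it leaves quotes and other characters in `$t_path`, so the value can still break out of an attribute or URL context wherever `$t_path` is later echoed into HTML. A sturdier fix is to encode at the point of output (`htmlspecialchars()` on the path when it is written into the page) and, in this hunk, to validate the computed path against a safe character set, e.g. treat `$t_path` as empty unless it matches something like `^[A-Za-z0-9/_.-]*$`, in the same way the existing `if ( '/' == $t_path || '\\' == $t_path )` branch already normalises the trivial cases. `$_SERVER['SCRIPT_NAME']` would also be a less user-influenced source than `PHP_SELF` for the same directory derivation.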