From: <gi...@ma...> - 2009-11-22 12:42:11
The branch, master has been updated via c154fafcabdc1226ec19985c9bb42331eadcd7ac (commit) from 880db8239af02a76994eb923e12d59f247ea0591 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c154fafcabdc1226ec19985c9bb42331eadcd7ac Author: David Hicks <hic...@op...> Date: Sun Nov 22 23:37:25 2009 +1100 Fix #11026: Fix XSS bug in view_filters_page.php Fix a parsing/validation error whereby a target_field input of the form "status[]<script>bad_code();</script>" would be printed directly to HTML, thus leading to a XSS vulnerability. ----------------------------------------------------------------------- Summary of changes: view_filters_page.php | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) ----------------------------------------------------------------------- commit c154fafcabdc1226ec19985c9bb42331eadcd7ac Author: David Hicks <hic...@op...> Date: Sun Nov 22 23:37:25 2009 +1100 Fix #11026: Fix XSS bug in view_filters_page.php Fix a parsing/validation error whereby a target_field input of the form "status[]<script>bad_code();</script>" would be printed directly to HTML, thus leading to a XSS vulnerability. diff --git a/view_filters_page.php b/view_filters_page.php index ee55935..601a669 100644 --- a/view_filters_page.php +++ b/view_filters_page.php @@ -41,8 +41,8 @@ html_page_top(); $t_filter = filter_get_default(); - $t_target_field = gpc_get_string( 'target_field', '' ); - if ( !isset( $t_filter[ rtrim( $t_target_field, '[]' ) ] ) ) { + $t_target_field = rtrim( gpc_get_string( 'target_field', '' ), '[]'); + if ( !isset( $t_filter[ $t_target_field ] ) ) { $t_target_field = ''; } ----------------------------------------------------------------------- -- Mantis Bug Tracker |
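Review bot: the hunk closes the check-versus-use mismatch correctly, but the real guard is the `isset( $t_filter[ $t_target_field ] )` allowlist and that deserves a comment on the added line. Before the change the value validated against the filter keys was `rtrim( $t_target_field, '[]' )` while the value retained (and, per the commit message, printed to HTML) was the untrimmed string, so the two could differ; after the change the trimmed value is both checked and kept, so only a key of `filter_get_default()` survives. Two points for the next reader: `rtrim( ..., '[]' )` takes a character list, so it strips any run of trailing `[` and `]` (for example `status]]]` becomes `status`), which is harmless only because the `isset` check follows it; and the hunk does not show the output site, so it is worth confirming that `$t_target_field` is still passed through the usual HTML-escaping helper where it is printed rather than relying on the allowlist alone. Style: `'[]');` on the first added line omits the space before the closing parenthesis used everywhere else in this file (`gpc_get_string( 'target_field', '' )`), so it should read `'[]' );`.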