[mantisbt-commits] mantisbt.git branch, master, updated. release-1.2.0rc1-375-g26e2d3b

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

The branch, master has been updated
       via  26e2d3b6259a3f709012615e5bba174911e23043 (commit)
      from  964915c9db27702a4a42eb10117539350e9e4e02 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 26e2d3b6259a3f709012615e5bba174911e23043
Author: David Hicks <hic...@op...>
Date:   Sun Dec 6 22:42:17 2009 +1100

    Fix #11261: XSS in error output as MantisCoreFormatting isn't loaded
    
    print_project_menu_bar() is called when an error occurs in MantisBT (to
    produce the HTML output for the error page). At this point of time,
    MantisCoreFormatting may not be loaded by MantisBT and therefore the
    string_display_* sanitisation functions won't be executed. Thus we must
    force the use of a the string_html_specialchars() function to ensure
    that these strings are safely sanitised even when MantisCoreFormatting
    isn't loaded (yet).

-----------------------------------------------------------------------

Summary of changes:
 core/html_api.php |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

-----------------------------------------------------------------------

commit 26e2d3b6259a3f709012615e5bba174911e23043
Author: David Hicks <hic...@op...>
Date:   Sun Dec 6 22:42:17 2009 +1100

    Fix #11261: XSS in error output as MantisCoreFormatting isn't loaded
    
    print_project_menu_bar() is called when an error occurs in MantisBT (to
    produce the HTML output for the error page). At this point of time,
    MantisCoreFormatting may not be loaded by MantisBT and therefore the
    string_display_* sanitisation functions won't be executed. Thus we must
    force the use of a the string_html_specialchars() function to ensure
    that these strings are safely sanitised even when MantisCoreFormatting
    isn't loaded (yet).

diff --git a/core/html_api.php b/core/html_api.php
index 5c0d07e..58e19ff 100644
--- a/core/html_api.php
+++ b/core/html_api.php
@@ -328,7 +328,7 @@ function html_title( $p_page_title = null ) {
 		if( empty( $t_title ) ) {
 			echo $p_page_title;
 		} else {
-			echo $p_page_title . ' - ' . string_display( $t_title );
+			echo $p_page_title . ' - ' . string_html_specialchars( $t_title );
 		}
 	}
 	echo '</title>', "\n";
@@ -507,8 +507,8 @@ function html_login_info() {
 			echo ' | <a href="' . helper_mantis_url( 'signup_page.php' ) . '">' . lang_get( 'signup_link' ) . '</a>';
 		}
 	} else {
-		echo lang_get( 'logged_in_as' ), ": <span class=\"italic\">", string_display( $t_username ), "</span> <span class=\"small\">";
-		echo is_blank( $t_realname ) ? "($t_access_level)" : "(" . string_display( $t_realname ) . " - $t_access_level)";
+		echo lang_get( 'logged_in_as' ), ": <span class=\"italic\">", string_html_specialchars( $t_username ), "</span> <span class=\"small\">";
+		echo is_blank( $t_realname ) ? "($t_access_level)" : "(" . string_html_specialchars( $t_realname ) . " - $t_access_level)";
 		echo "</span>";
 	}
 	echo '</td>';
@@ -860,7 +860,7 @@ function print_project_menu_bar() {
 	echo '<a href="' . helper_mantis_url( 'set_project.php?project_id=' . ALL_PROJECTS ) . '">' . lang_get( 'all_projects' ) . '</a>';
 
 	foreach( $t_project_ids as $t_id ) {
-		echo ' | <a href="' . helper_mantis_url( 'set_project.php?project_id=' . $t_id ) . ' ">' . string_display( project_get_field( $t_id, 'name' ) ) . '</a>';
+		echo ' | <a href="' . helper_mantis_url( 'set_project.php?project_id=' . $t_id ) . '">' . string_html_specialchars( project_get_field( $t_id, 'name' ) ) . '</a>';
 		print_subproject_menu_bar( $t_id, $t_id . ';' );
 	}
 
@@ -877,7 +877,7 @@ function print_subproject_menu_bar( $p_project_id, $p_parents = '' ) {
 	$t_subprojects = current_user_get_accessible_subprojects( $p_project_id );
 	$t_char = ':';
 	foreach( $t_subprojects as $t_subproject ) {
-		echo $t_char . ' <a href="' . helper_mantis_url( 'set_project.php?project_id=' . $p_parents . $t_subproject ) . ' ">' . string_display( project_get_field( $t_subproject, 'name' ) ) . '</a>';
+		echo $t_char . ' <a href="' . helper_mantis_url( 'set_project.php?project_id=' . $p_parents . $t_subproject ) . '">' . string_html_specialchars( project_get_field( $t_subproject, 'name' ) ) . '</a>';
 		print_subproject_menu_bar( $t_subproject, $p_parents . $t_subproject . ';' );
 		$t_char = ',';
 	}

-----------------------------------------------------------------------


--
Mantis Bug Tracker


