From: <gi...@ma...> - 2010-09-18 05:38:30
The branch, master has been updated via 544e76d9dd3f6ee38c79e0ee8469256323132738 (commit) from 01d2ffad2e3a7f5a4d87bf52a7c782a084944ab2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 544e76d9dd3f6ee38c79e0ee8469256323132738 Author: Olivier Mengué <oli...@gm...> Date: Sat Sep 18 15:32:27 2010 +1000 Fix #11299: Custom menu links should be sanitised before output If an administrator defines custom menu links (consisting of a caption and URL) then these values should be escaped of special HTML characters before being printed into the menu. This XSS issue is of no security concern as it requires administrator access and manual modifications to the configuration file. Co-contributed-by: David Hicks <hic...@op...> Signed-off-by: David Hicks <hic...@op...> ----------------------------------------------------------------------- Summary of changes: core/html_api.php | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) ----------------------------------------------------------------------- commit 544e76d9dd3f6ee38c79e0ee8469256323132738 Author: Olivier Mengué <oli...@gm...> Date: Sat Sep 18 15:32:27 2010 +1000 Fix #11299: Custom menu links should be sanitised before output If an administrator defines custom menu links (consisting of a caption and URL) then these values should be escaped of special HTML characters before being printed into the menu. This XSS issue is of no security concern as it requires administrator access and manual modifications to the configuration file. Co-contributed-by: David Hicks <hic...@op...> Signed-off-by: David Hicks <hic...@op...>
diff --git a/core/html_api.php b/core/html_api.php
index 9ef12f5..c50aded 100644
--- a/core/html_api.php
+++ b/core/html_api.php
@@ -722,8 +722,8 @@ function prepare_custom_menu_options( $p_config ) {
 foreach( $t_custom_menu_options as $t_custom_option ) {
 $t_access_level = $t_custom_option[1];
 if( access_has_project_level( $t_access_level ) ) {
- $t_caption = lang_get_defaulted( $t_custom_option[0] );
- $t_link = $t_custom_option[2];
+ $t_caption = string_html_specialchars( lang_get_defaulted( $t_custom_option[0] ) );
+ $t_link = string_attribute( $t_custom_option[2] );
 $t_options[] = "<a href=\"$t_link\">$t_caption</a>";
 }
 }
----------------------------------------------------------------------- -- Mantis Bug Tracker |
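Review bot: The two added assignments use different escaping helpers — `string_html_specialchars()` for the caption that lands in element text and `string_attribute()` for the link that lands inside `href="..."` — but nothing in the hunk records that the split is deliberate, and a later edit could easily "simplify" both to one helper and lose the context-specific escaping. Note also that attribute escaping only neutralises HTML metacharacters; it does not validate or constrain the URL value itself, so the trust boundary for `$t_custom_option[2]` remains the administrator-edited configuration file, exactly as the commit message says. A one-line comment above the two assignments would preserve that reasoning, e.g. `// caption is element text, link is an href attribute: escape each for its own context; values come from config and are escaped, not validated`. `prepare_custom_menu_options()` begins before and ends after this hunk, so the `$t_options` initialisation and the return of the built list are not visible here.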