
Comparing changes

base repository: mantisbt/mantisbt
base: e61e63ca07d6
...
head repository: mantisbt/mantisbt
compare: 5858a659efe1
  • 2 commits
  • 1 file changed
  • 1 contributor

Commits on Jan 23, 2013

  1. Fix #15415: XSS vulnerability on Configuration Report page

    A project name containing javascript code results in execution of said
    code when displaying the filter's project list.
    
    Note that despite using the same function to display the option list,
    the vulnerability does not exist for usernames (due to input
    restrictions in place when creating/updating user accounts) or config
    names (which must exist in config_default_inc.php and must be valid php
    identifiers).
    dregad committed Jan 23, 2013
    c61dc63
  2. Fix #15416: XSS issue in adm_config_report.php

    If a 'complex' config option contains javascript code, it would be
    executed when displaying the page.
    dregad committed Jan 23, 2013
    5858a65