
Comparing changes

base repository: mantisbt/mantisbt
base: e61e63ca07d6
...
head repository: mantisbt/mantisbt
compare: 5858a659efe1
  • 2 commits
  • 1 file changed
  • 1 contributor

Commits on Jan 23, 2013

  1. Fix #15415: XSS vulnerability on Configuration Report page

    A project name containing javascript code results in execution of said
    code when displaying the filter's project list.
    
    Note that despite using the same function to display the option list,
    the vulnerability does not exist for usernames (due to input
    restrictions in place when creating/updating user accounts) or config
    names (which must exist in config_default_inc.php and must be valid php
    identifiers).
    dregad committed Jan 23, 2013
    c61dc63
  2. Fix #15416: XSS issue in adm_config_report.php

    If a 'complex' config option contains javascript code, it would be
    executed when displaying the page.
    dregad committed Jan 23, 2013
    5858a65
Showing with 2 additions and 2 deletions.
  1. +2 −2 adm_config_report.php
4 changes: 2 additions & 2 deletions adm_config_report.php
@@ -87,7 +87,7 @@ function print_config_value_as_string( $p_type, $p_value, $p_for_display = true
}

if( $p_for_display ) {
echo "<pre>$t_output</pre>";
echo '<pre>' . string_attribute( $t_output ) . '</pre>';
} else {
echo $t_output;
}
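Review bot: string_attribute() is named for attribute-value escaping, but in the `$p_for_display` branch the value is written as element content between `<pre>` and `</pre>`. If the string API has a helper intended for body text, use it here so the escaping matches the output context, or add a comment saying why the attribute helper is sufficient. The `else` branch still does `echo $t_output;` with no escaping, so the function header should document that callers passing `$p_for_display = false` must not send the result into HTML.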
@@ -97,7 +97,7 @@ function print_option_list_from_array( $p_array, $p_filter_value ) {
foreach( $p_array as $t_key => $t_value ) {
echo "<option value='$t_key'";
check_selected( $p_filter_value, $t_key );
echo ">$t_value</option>\n";
echo ">" . string_attribute( $t_value ) . "</option>\n";
}
}
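Review bot: `$t_key` is still interpolated raw in `echo "<option value='$t_key'";`, so this change escapes the option label but not the attribute value. Wrap the key in string_attribute() as well, and because the attribute is delimited with single quotes, confirm the helper encodes `'` or switch the delimiter to double quotes. The commit message relies on input restrictions for usernames and config names; escaping at the output site removes that dependency for any array passed to this function.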