MantisBT: master-2.3 a1c71931
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
dregad | dregad | master-2.3 | 2017-04-18 07:49 | master-2.3 27b5b292 |
Affected Issues | 0022742: CVE-2017-7897: XSS in timeline_inc.php (affects my_view_page.php and view_user_page.php) |
Changeset | Fix XSS in timeline_inc.php Use of $_SERVER['PHP_SELF'] and outputting it as-is allows an attacker Using SCRIPT_NAME and passing it through string_sanitize_url() instead Fixes 0022742 |
mod - core/timeline_inc.php | Diff File |
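
The pattern named in the changeset message, shown as an added PHP example that is not MantisBT's code: a link built from `PHP_SELF` beside one built from `SCRIPT_NAME` and escaped before output. `$server` stands in for `$_SERVER`, the request is constructed, the function names are hypothetical, and `htmlspecialchars()` is a stand-in for `string_sanitize_url()`, whose body is not shown on this page.

```php
<?php
// Added example, not MantisBT code. $server stands in for $_SERVER so the
// constructed request below can be run from the PHP CLI.

// Before: under typical setups PHP_SELF is the script path followed by any
// PATH_INFO the client appended, so it is client-influenced input.
function action_url_before(array $server): string {
    return $server['PHP_SELF'];
}

// After: SCRIPT_NAME carries no PATH_INFO, and the value is still escaped
// for the HTML attribute it is written into.
// htmlspecialchars() is an assumption standing in for string_sanitize_url().
function action_url_after(array $server): string {
    return htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
}

// Constructed request: /my_view_page.php/"><b>injected</b>
$server = [
    'SCRIPT_NAME' => '/my_view_page.php',
    'PATH_INFO'   => '/"><b>injected</b>',
];
$server['PHP_SELF'] = $server['SCRIPT_NAME'] . $server['PATH_INFO'];

foreach (['action_url_before', 'action_url_after'] as $fn) {
    // Hypothetical link of the kind a paging control would emit.
    $html = '<a href="' . $fn($server) . '?offset=1">next</a>';

    // If the client's <b> tag appears literally, it left the href attribute
    // and is now markup in the page.
    $inert = strpos($html, '<b>') === false;

    printf("%-18s %s\n  => %s\n", $fn, $html,
        $inert ? 'client text did not reach the page as markup'
               : 'client text reached the page as markup');
}
```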