From 658f32443b4aaa1c3285eaf970d0416ca7a020a5 Mon Sep 17 00:00:00 2001
From: Damien Regad <dregad@mantisbt.org>
Date: Tue, 7 Mar 2017 12:34:16 +0100
Subject: [PATCH] Fix XSS in bug_change_status_page.php

The value of the change_type parameter was not encoded before being
displayed as a hidden input.

This vulnerability was reported by Etienne Landais.

Fixes #22486
---
 bug_change_status_page.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bug_change_status_page.php b/bug_change_status_page.php
index 4e1c6fc..bc23ce6 100644
--- a/bug_change_status_page.php
+++ b/bug_change_status_page.php
@@ -385,7 +385,7 @@ layout_page_begin();
 
 </tbody>
 </table>
-<input type="hidden" name="action_type" value="<?php echo $f_change_type; ?>" />
+<input type="hidden" name="action_type" value="<?php echo string_attribute( $f_change_type ); ?>" />
 
 </div>
 </div>
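Review bot: The new line encodes `$f_change_type` for the attribute context with `string_attribute()`, which is the right escaper for a double-quoted `value="..."` attribute, but the hunk shows only this one echo of the variable; the assignment that reads it from the request and any other places it is output on this page are outside the hunk. It is worth confirming that every other echo of `$f_change_type` in bug_change_status_page.php (including any use in page titles or labels, which need `string_display_line()` rather than `string_attribute()`) is encoded the same way, since the same unencoded value could otherwise reach a different context. If the value is read straight from GPC without validation, restricting it to the set of status values the page accepts would be a cheap defence-in-depth on top of the output encoding, though whether such validation already exists cannot be seen from here. A short comment on the changed line, `<?php /* attribute context: escape request-derived value */ echo string_attribute( $f_change_type ); ?>`, would make the reason for the escaper explicit to future editors.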
-- 
1.9.1

