From c9e5b1d0404503022605459552faeaf610bf15ae Mon Sep 17 00:00:00 2001
From: Damien Regad <dregad@mantisbt.org>
Date: Sat, 25 Mar 2017 15:23:51 +0100
Subject: [PATCH] Fix XSS in adm_config_report.php

Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/
reported a vulnerability in the Configuration Report page, allowing an
attacker to inject arbitrary code through a crafted 'config_option'
parameter.

Sanitize the parameter prior to output, to ensure HTML special
characters are properly escaped.

Fixes #22579
---
 adm_config_report.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/adm_config_report.php b/adm_config_report.php
index 24bc0ed..018e4f7 100644
--- a/adm_config_report.php
+++ b/adm_config_report.php
@@ -525,7 +525,7 @@ if( $t_read_write_access ) {
 					<input type="text" name="config_option"
 						value="<?php echo string_attribute( $t_edit_option ); ?>"
 						size="64" maxlength="64" />
-					<input type="hidden" name="original_config_option" value="<?php echo $t_edit_option; ?>" />
+					<input type="hidden" name="original_config_option" value="<?php echo string_attribute( $t_edit_option ); ?>" />
 				</span>
 				<span class="label-style"></span>
 			</div>
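Review bot: the hidden `original_config_option` field is now escaped with string_attribute() the same way the visible `config_option` input two lines above already was, which is the right context-specific fix for an HTML attribute value; since this hunk covers only one occurrence of $t_edit_option, check that no other echo of $t_edit_option or of the raw `config_option` request parameter in adm_config_report.php is still emitted unescaped, and consider validating `config_option` server-side against the set of known option names on submission, because attribute escaping removes the reflected XSS but does not otherwise constrain the value.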
-- 
2.7.4

