From e881dd79df422033bbea88914fc0a717fae40358 Mon Sep 17 00:00:00 2001
From: Damien Regad <dregad@mantisbt.org>
Date: Sat, 25 Mar 2017 15:23:51 +0100
Subject: [PATCH] Fix XSS in adm_config_report.php

Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/
reported a vulnerability in the Configuration Report page, allowing an
attacker to inject arbitrary code through a crafted 'config_option'
parameter.

Sanitize the parameter prior to output, to ensure HTML special
characters are properly escaped.

Ported from 1.3.x commit c9e5b1d0404503022605459552faeaf610bf15ae.

Fixes #22579
---
 adm_config_report.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/adm_config_report.php b/adm_config_report.php
index 37e8189..12d6bd1 100644
--- a/adm_config_report.php
+++ b/adm_config_report.php
@@ -580,7 +580,7 @@ if( $t_read_write_access ) {
 					<input type="text" name="config_option" class="input-sm"
 						   value="<?php echo string_display_line( $t_edit_option ); ?>"
 						   size="64" maxlength="64" />
-					<input type="hidden" name="original_config_option" value="<?php echo $t_edit_option; ?>" />
+					<input type="hidden" name="original_config_option" value="<?php echo string_display_line( $t_edit_option ); ?>" />
 				</td>
 			</tr>
 
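Review bot: The escaping added on the hidden `original_config_option` input matches the `string_display_line( $t_edit_option )` call already used for the visible `config_option` input two lines above, so the two fields are now treated consistently; since both values are emitted inside a double-quoted `value="..."` attribute, the review should confirm that `string_display_line` escapes `"` (and `&`, `<`, `>`) rather than only line-breaking characters, otherwise an attribute break-out would still be possible. The patch only shows this one hunk, so it is also worth checking that no other raw `echo $t_edit_option` remains elsewhere in `adm_config_report.php`, and adding a regression test that submits a `config_option` containing `"` and `<` and asserts the rendered attribute is escaped would keep this from reappearing.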
-- 
2.7.4

