MantisBT: master-1.2.x 4cb58c70

Author: dhx
Committer: dhx
Branch: master-1.2.x
Timestamp: 2009-12-01 00:41
Parent: master-1.2.x 92561bce
Affected Issues: 0011236: XSS on view_all_bug_page.php (specifically the filters form) with user Real Name field
Changeset

Fix 0011236: XSS on view_all_bug_page.php with user Real Name field

If a user is selected in one of the user filters (reporter, monitored
by, etc.) and that user has a name containing HTML elements, the HTML
elements would not be escaped prior to displaying them as the currently
selected filter options.

mod - core/filter_api.php
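
The class of bug described in the changeset, shown as an added example that is not MantisBT code and not the patch itself: a selected filter user's real name written into the page as-is, next to the same output with each name encoded at output time. The function names, the user records and the markup are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; not taken from core/filter_api.php.
// Constructed sample: user records a filter form might look up by id.
$users = [
    2 => ['username' => 'alice',   'realname' => 'Alice Example'],
    3 => ['username' => 'mallory', 'realname' => '<script>alert(1)</script>'],
];

// Constructed sample: ids currently selected in a "reporter" filter.
$selected = [2, 3, 99];

// Hypothetical helper: real name if set, otherwise username, otherwise "@id".
function display_name(int $id, array $users): string {
    if (!isset($users[$id])) {
        return '@' . $id;
    }
    $u = $users[$id];
    return $u['realname'] !== '' ? $u['realname'] : $u['username'];
}

// Before: names are concatenated into the page unchanged, so any markup
// stored in a real name is interpreted by the viewer's browser.
function render_selected_unescaped(array $ids, array $users): string {
    $names = [];
    foreach ($ids as $id) {
        $names[] = display_name($id, $users);
    }
    return '<td>' . implode('<br />', $names) . '</td>';
}

// After: every name is encoded for the HTML context when it is written out.
// Only the separators added by this function remain as markup.
function render_selected_escaped(array $ids, array $users): string {
    $names = [];
    foreach ($ids as $id) {
        $names[] = htmlspecialchars(
            display_name($id, $users),
            ENT_QUOTES | ENT_SUBSTITUTE,
            'UTF-8'
        );
    }
    return '<td>' . implode('<br />', $names) . '</td>';
}

echo render_selected_unescaped($selected, $users), "\n";
echo render_selected_escaped($selected, $users), "\n";
```

Encoding happens where the value is written into the page rather than when the name is stored, so a name saved before the fix is still rendered safely.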