MantisBT: master 0aeb2ea2

Diff Back to Repository
Author Committer Branch Timestamp Parent
dhx dhx master 2009-12-01 01:27 master 71ade607
Affected Issues  0011241: XSS on manage_proj_page.php with user Real Name field
Changeset

Fix 0011241: XSS on manage_proj_page.php with user Real Name field

Categories that are assigned to users whose names contain
"<script>alert(42);</script>" will cause a XSS bug on
manage_proj_page.php. The user real name needs to be sanitised before
being printed.
mod - manage_proj_page.php Diff File