MantisBT: master-1.2.x 868c1d6c

Author: dhx
Committer: dhx
Branch: master-1.2.x
Timestamp: 2009-12-01 01:34
Parent: master-1.2.x ee7ee6d4
Affected Issues: 0011242: XSS on manage_proj_edit_page.php with user Real Name field
Changeset

Fix 0011242: XSS on manage_proj_edit_page.php with user Real Name field

Categories that are assigned to users whose names contain
"<script>alert(42);</script>" will cause an XSS bug on
manage_proj_edit_page.php. The user real name needs to be sanitised
before being printed.

mod - manage_proj_edit_page.php
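The class of bug the commit message describes, as an added example that is not MantisBT's code or the content of this changeset: a category row that prints the assigned user's real name, first as stored and then HTML-encoded at output. The helper `h()`, the two render functions and the sample rows are hypothetical and constructed for illustration.

```php
<?php
// Constructed sample data: categories and the real name of the user each is assigned to.
$categories = [
    ['name' => 'General', 'assigned_real_name' => 'Alice Example'],
    ['name' => 'UI',      'assigned_real_name' => '<script>alert(42);</script>'],
];

// Hypothetical helper: HTML-encode a value for element content or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the stored real name is concatenated into the markup as-is.
function render_row_unsafe(array $cat): string
{
    return '<tr><td>' . $cat['name'] . '</td><td>'
        . $cat['assigned_real_name'] . "</td></tr>\n";
}

// After: every user-controlled field is encoded at the point of output.
function render_row_safe(array $cat): string
{
    return '<tr><td>' . h($cat['name']) . '</td><td>'
        . h($cat['assigned_real_name']) . "</td></tr>\n";
}

foreach ($categories as $cat) {
    $unsafe = render_row_unsafe($cat);
    $safe   = render_row_safe($cat);

    // Regression check: a raw <script tag must not survive in the encoded row.
    printf(
        "%-8s unsafe_has_script=%s safe_has_script=%s\n  %s",
        $cat['name'],
        var_export(stripos($unsafe, '<script') !== false, true),
        var_export(stripos($safe, '<script') !== false, true),
        $safe
    );
}
```

Encoding at the point of output, rather than when the name is saved, also covers real names that were already stored before the fix.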