MantisBT: master a77662d5

Author: dhx
Committer: dhx
Branch: master
Timestamp: 2009-12-01 01:34
Parent: master 0aeb2ea2
Affected Issues: 0011242: XSS on manage_proj_edit_page.php with user Real Name field
Changeset

Fix 0011242: XSS on manage_proj_edit_page.php with user Real Name field

Categories that are assigned to users whose names contain
"<script>alert(42);</script>" will cause an XSS bug on
manage_proj_edit_page.php. The user real name needs to be sanitised
before being printed.

mod - manage_proj_edit_page.php