MantisBT: master 141cbe6e

Author: dhx
Committer: dhx
Branch: master
Timestamp: 2009-12-01 03:24
Parent: master 96ab63b6
Affected Issues: 0011245: Sanitise project name in print_column_category_id() function to prevent XSS flaw
Changeset

Fix 0011245: Sanitise project name in print_column_category_id()

If a project name contains "<script>alert(42);</script>" then due to
lack of sanitisation, an XSS vulnerability existed whenever the category
column was printed with the bad project name included.

mod - core/columns_api.php