MantisBT: master-1.2.x 1b277fc8

Author: dhx
Committer: dhx
Branch: master-1.2.x
Timestamp: 2010-02-09 22:45
Parent: master-1.2.x 8f92d886
Affected Issues  0011484: XSS on view_filters_page.php when displaying dropdown list of custom string field values
Changeset

Fix 0011484: XSS on view_filters_page.php custom string field printing

view_filters_page.php shows a dropdown list of all values for any given
custom string field. An XSS vulnerability exists due to a lack of
sanitisation of custom field values when printed via
print_filter_custom_field() from filter_api.php.

mod - core/filter_api.php
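
The pattern the commit message describes, shown as an added example that is not MantisBT code and not the change made in this commit: stored custom field values written into a dropdown without encoding, next to an encoded version. The function names and sample values are constructed for illustration, and htmlspecialchars() is assumed here as one suitable encoder; the page does not show which function the changeset uses.

```php
<?php
// Added illustration. render_options_unsafe() and render_options_safe() are
// hypothetical helpers, not functions from MantisBT's filter_api.php.

// Unencoded output: each stored value lands in an attribute context
// (value="...") and in a text context (between the tags) as-is, so a
// value containing quotes or tags changes the page structure.
function render_options_unsafe(array $values): string {
    $html = '';
    foreach ($values as $v) {
        $html .= '<option value="' . $v . '">' . $v . '</option>' . "\n";
    }
    return $html;
}

// Encoded output: ENT_QUOTES encodes both quote styles so the value cannot
// leave the attribute; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
// instead of returning an empty string.
function render_options_safe(array $values): string {
    $html = '';
    foreach ($values as $v) {
        $e = htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= '<option value="' . $e . '">' . $e . '</option>' . "\n";
    }
    return $html;
}

// Constructed sample of custom string field values as they might be stored.
$values = ['Linux', 'R&D', '"><script>alert(1)</script>'];

echo "--- unencoded ---\n", render_options_unsafe($values);
echo "--- encoded ---\n", render_options_safe($values);

// Regression-style check: the only tags in the encoded output are the
// <option> elements the renderer itself emits, one per value.
$safe = render_options_safe($values);
if (strpos($safe, '<script') !== false
    || substr_count($safe, '<option ') !== count($values)
    || substr_count($safe, '<') !== 2 * count($values)) {
    throw new RuntimeException('field value was emitted as markup');
}
```

The same check can be kept as a regression test for any code path that prints stored field values into HTML.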