MantisBT: master-2.3 8b6787c8

Diff Back to Repository
Author Committer Branch Timestamp Parent
dregad dregad master-2.3 2017-05-19 07:48 master-2.3 afc31a63
Affected Issues  0022702: CVE-2017-7620: CSRF - Arbitrary Permalink Injection
 0022816: CVE-2017-7620: Open redirection vulnerability in /login_page.php
Changeset

Fix CSRF vulnerability in permalink_page.php

John Page aka hyp3rlinx / ApparitionSec http://hyp3rlinx.altervista.org
reported a CSRF vulnerability in permalink_page.php, allowing an
attacker to inject arbitrary links (CVE-2017-7620).

Backporting from master branch:

  • Add form security token to prevent such injection
    0d11077d40c5dfdb76efdad9ba2b455af5be25a0
  • Encode '\' in string_sanitize_url()
    7b23377c573817c5fe8b522e8c33de8b1caff179

Fixes 0022702, 0022816
mod - core/filter_api.php Diff File
mod - core/string_api.php Diff File
mod - permalink_page.php Diff File
mod - tests/Mantis/StringTest.php Diff File