MantisBT: master-2.24 f6502be6

Diff Back to Repository
Author Committer Branch Timestamp Parent
dregad dregad master-2.24 2020-12-19 07:27 master e6365041
Affected Issues  0027779: CVE-2020-35571: XSS in helper_ensure_confirmed() calls
Changeset

Prevent XSS in helper_ensure_confirmed() calls

When the confirmation message references user-provided data, it needs
to be escaped prior to calling the function.

Fixes 0027779, CVE-2020-35571
mod - manage_config_revert.php Diff File
mod - manage_custom_field_update.php Diff File
mod - manage_filter_delete.php Diff File
mod - manage_proj_user_remove.php Diff File
mod - manage_user_delete.php Diff File
mod - manage_user_proj_delete.php Diff File