MantisBT: master 57c94485
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
Paul Richards | Paul Richards | master | 2011-08-29 06:55 | master a908cc61 |
Affected Issues | 0013191: XSS vulnerability dues to usage of PHP_SELF | |||
0013281: MantisBT Security Vulnerabilities Notification | ||||
Changeset | Fix issue introduced previously whereby php_Self is now used unchecked. introduced previously by john attempting to fix symlinks. Since we now use php 5.2, we can make use of filter_var. This is a simpler version of what we were trying to do previously aka http://git.mantisforge.org/w/mantisbt.git?a=commitdiff;h=5ac1fdf32717d0c82cca7e7660dd4fd316a6a1b8 Depending on server/mantis config this can lead to XSS issues |
|||
mod - config_defaults_inc.php | Diff File |