MantisBT: master-2.4 2d2309a3

Author: dregad
Committer: dregad
Branch: master-2.4
Timestamp: 2017-05-19 11:48:57
Parent: master-2.4 a64a0d22

Affected Issues:
  0022702: CVE-2017-7620: CSRF - Arbitrary Permalink Injection
  0022816: CVE-2017-7620: Open redirection vulnerability in /login_page.php
Changeset

Fix CSRF vulnerability in permalink_page.php

John Page aka hyp3rlinx / ApparitionSec http://hyp3rlinx.altervista.org
reported a CSRF vulnerability in permalink_page.php, allowing an
attacker to inject arbitrary links (CVE-2017-7620).

Backporting from master branch:

  • Add form security token to prevent such injection
    0d11077d40c5dfdb76efdad9ba2b455af5be25a0
  • Encode '\' in string_sanitize_url()
    7b23377c573817c5fe8b522e8c33de8b1caff179

Fixes 0022702, 0022816

mod - core/filter_api.php
mod - core/string_api.php
mod - permalink_page.php
mod - tests/Mantis/StringTest.php
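The second backported change above, encoding '\' in string_sanitize_url(), matters because browsers parse a backslash as a forward slash, so a "return to" value such as /\evil.example is followed as the protocol-relative URL //evil.example. The following is an added illustration of that defence, not MantisBT's own string_sanitize_url(); the helper name safe_return_url() and the fallback page are assumptions.

```php
<?php
// Added example, not code from the MantisBT changeset. Hypothetical helper
// that normalises a user-supplied "return to" target so a login page only
// ever redirects within the application.

/**
 * Return a safe relative path for $p_url, or $p_fallback if the value
 * cannot be made safe. Backslashes are percent-encoded first because
 * browsers treat "\" as "/" when parsing URLs, so "/\evil.example" would
 * otherwise be followed as the protocol-relative URL "//evil.example".
 */
function safe_return_url( $p_url, $p_fallback = 'my_view_page.php' ) {
	$t_url = trim( (string)$p_url );
	if( $t_url === '' ) {
		return $p_fallback;
	}
	// Neutralise "\" before any structural check, so the browser cannot
	// reinterpret it as a slash later on.
	$t_url = str_replace( '\\', '%5C', $t_url );
	// Reject anything carrying a scheme or an authority: "http://...",
	// "//host/...", "javascript:..." are all off-site or non-HTTP targets.
	if( preg_match( '#^[a-z][a-z0-9+.-]*:#i', $t_url ) || substr( $t_url, 0, 2 ) === '//' ) {
		return $p_fallback;
	}
	// Reject CR/LF, which would otherwise allow splitting the Location header.
	if( preg_match( '/[\r\n]/', $t_url ) ) {
		return $p_fallback;
	}
	return $t_url;
}

// Constructed sample inputs with the result each should produce.
$t_cases = array(
	'view.php?id=1'        => 'view.php?id=1',
	'/\evil.example/'      => '/%5Cevil.example/',  // backslash neutralised, stays on-site
	'//evil.example/'      => 'my_view_page.php',
	'http://evil.example'  => 'my_view_page.php',
	"x\r\nLocation: y"     => 'my_view_page.php',
);
foreach( $t_cases as $t_in => $t_expected ) {
	$t_out = safe_return_url( $t_in );
	printf( "%-22s -> %-22s %s\n", addcslashes( $t_in, "\r\n" ), $t_out,
		$t_out === $t_expected ? 'ok' : 'MISMATCH' );
}
```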