View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0015234 | MantisTouch | General | public | 2012-11-24 15:28 | 2013-05-17 03:18 |
| Reporter | trehn | Assigned To | vboctor | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | 1.2.1 | ||||
| Fixed in Version | 1.2.2 | ||||
| Summary | 0015234: Exception messages are not escaped in http_header_redirect() | ||||
| Description | In the code of Mantis Touch there are some calls of http_header_redirect() where an exception message is passed directly as a GET parameter of the target url. If this message contains a line feed "\n", PHP stops with a warning in core/http_api.php +11. | ||||
| Tags | No tags attached. | ||||
