MantisBT: master-1.2.x bed19db9

Author Committer Branch Timestamp Parent
dregad dregad master-1.2.x 2014-11-01 14:45:47 master-1.2.x dc9f0157
Affected Issues 0017725: CVE-2014-7146 : PHP Code Injection Vulnerability in XmlImportExport plugin
Changeset

XML Import: Fix php code injection vulnerability

Egidio Romano discovered a vulnerability in the XML import plugin.

User input passed through the "description" field (and the "issuelink"
attribute) of the uploaded XML file isn't properly sanitized before
being used in a call to the preg_replace() function which uses the 'e'
modifier. This can be exploited to inject and execute arbitrary PHP code
when the Import/Export plugin is installed.

This fix is a partial backport from a master branch commit which has
been confirmed as addressing the issue (84017535f8718685d755d58af7a39d80f52ffca8)
excluding changes not relevant to fixing the security issue, including
subsequent fixes (aea1a348043979e75a6cc021e4a0a7f8d3bb7211,
4350b4d4f0ee4fba423edcae1cd2117dc1e2d63b).

Fixes 0017725 (CVE-2014-7146)

mod - plugins/XmlImportExport/ImportXml.php Diff File