View Issue Details

ID: 0012309
Project: mantisbt
Category: security
View Status: public
Last Update: 2011-08-02 12:35
Reporter: atrol
Assigned To: dhx
Priority: high
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.2.2
Target Version: 1.2.3
Fixed in Version: 1.2.3
Summary0012309: XSS issues when viewing Summary page
Description

Scripting code entered in summary field might be executed when displaying Summary page

Steps To Reproduce
  1. Enter an issue with scripting code in Summary field
  2. View "Summary" page
  3. See your code being executed if the issue is displayed in the list of longest open issues
Tags: No tags attached.

Relationships

related to 0012432 (closed, giallu): XSS issues when viewing Summary page

Activities

atrol (developer), 2010-08-30 02:59, note ~0026511

Reminder sent to: dhx, jreese

Please have a look at the patch and if it's OK let it become part of next version.

dhx (reporter), 2010-08-30 03:07, note ~0026512

Good find, thanks atrol.

The only comment I have is that I think we should be using string_display_line() instead of string_html_specialchars() for sanitising the summary. I can fix that up in your patch when I commit it.

atrol (developer), 2010-08-30 03:13, note ~0026513 (last edited: 2010-08-30 03:22)

I changed it the same way as it's done for the list of most active issues.
If string_html_specialchars is the right way to do it, you have to change it twice.

atrol (developer), 2010-09-02 04:39

Attachment: issue12309.patch (1,154 bytes)
From e789c340dd658d54276202353fe7bf6d142d5b4c Mon Sep 17 00:00:00 2001
From: Roland Becker <roland@atrol.de>
Date: Thu, 2 Sep 2010 10:33:35 +0200
Subject: [PATCH] Fix #12309: XSS issues when viewing Summary page

---
 core/summary_api.php |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/summary_api.php b/core/summary_api.php
index c58a678..4950f4a 100644
--- a/core/summary_api.php
+++ b/core/summary_api.php
@@ -333,7 +333,7 @@ function summary_print_by_activity() {
 
 	foreach( $t_summarydata as $row ) {
 		$t_bugid = string_get_bug_view_link( $row['id'] );
-		$t_summary = string_html_specialchars( $row['summary'] );
+		$t_summary = string_display_line( $row['summary'] );
 		$t_notescount = $row['count'];
 
 		print "<tr " . helper_alternate_class() . ">\n";
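Review bot: the removed line in this hunk already escaped the summary with string_html_specialchars(), so this hunk is a consistency change (both summary lists now go through string_display_line(), as discussed in note ~0026512) rather than the XSS fix itself; the commit subject "Fix #12309: XSS issues when viewing Summary page" gives no hint of that, so a sentence in the commit message saying the by-activity list was already escaped would stop readers from concluding string_html_specialchars() was unsafe here. It also rests on string_display_line() doing the HTML escaping internally; a short code comment at the assignment noting that it is the intended sanitiser for summary output would make the dependency explicit for the next person touching this function.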
@@ -377,7 +377,7 @@ function summary_print_by_age() {
 		}
 
 		$t_bugid = string_get_bug_view_link( $row['id'] );
-		$t_summary = $row['summary'];
+		$t_summary = string_display_line( $row['summary'] );
 		$t_days_open = intval(( time() - $row['date_submitted'] ) / SECONDS_PER_DAY );
 
 		print "<tr " . helper_alternate_class() . ">\n";
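Review bot: this hunk is the actual vulnerability fix: the removed line assigned $row['summary'] to $t_summary with no escaping at all before it was printed into the table row below, which is the "list of longest open issues" case from the Steps To Reproduce. Since the first hunk shows that summary_print_by_activity() escaped its value while summary_print_by_age() did not, the two lists had drifted apart; it would be worth confirming that no other summary_print_* function in core/summary_api.php prints $row['summary'] raw, for example by searching the file for that expression, before describing the issue as fully fixed.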
-- 
1.7.2.2

atrol (developer), 2010-09-02 04:40, note ~0026546

Updated patch to use string_display_line()

dhx (reporter), 2010-09-02 07:24, note ~0026547

Thanks Roland, I've committed it at long last. Sorry for the delay!

dhx (reporter), 2010-09-02 07:27, note ~0026548

That was your first patch? Congratulations! :)

atrol (developer), 2010-09-02 07:45, note ~0026552

It's the second, first was 0012217 :)

Related Changesets

MantisBT: master-1.2.x 085097fc
2010-09-02 08:33:35
Author: atrol
Committer: dhx

Fix 0012309: XSS issues when viewing Summary page

Signed-off-by: David Hicks <hickseydr@optusnet.com.au>

mod - core/summary_api.php

MantisBT: master 61e90d06
2010-09-02 08:33:35
Author: atrol
Committer: dhx

Fix 0012309: XSS issues when viewing Summary page

Signed-off-by: David Hicks <hickseydr@optusnet.com.au>

mod - core/summary_api.php

Issue History

Date Modified Username Field Change
2010-08-30 02:55 atrol New Issue
2010-08-30 02:57 atrol File Added: issue12309.patch
2010-08-30 02:59 atrol Note Added: 0026511
2010-08-30 03:07 dhx Note Added: 0026512
2010-08-30 03:07 dhx Assigned To => dhx
2010-08-30 03:07 dhx Status new => assigned
2010-08-30 03:13 atrol Note Added: 0026513
2010-08-30 03:22 atrol Note Edited: 0026513
2010-09-02 04:39 atrol File Deleted: issue12309.patch
2010-09-02 04:39 atrol File Added: issue12309.patch
2010-09-02 04:40 atrol Note Added: 0026546
2010-09-02 07:24 dhx Changeset attached => MantisBT master-1.2.x 085097fc
2010-09-02 07:24 dhx Resolution open => fixed
2010-09-02 07:24 dhx Fixed in Version => 1.2.3
2010-09-02 07:24 dhx Note Added: 0026547
2010-09-02 07:24 dhx Status assigned => resolved
2010-09-02 07:25 dhx Changeset attached => MantisBT master 61e90d06
2010-09-02 07:27 dhx Note Added: 0026548
2010-09-02 07:45 atrol Note Added: 0026552
2010-09-19 02:03 dhx View Status private => public
2010-10-07 05:46 giallu Issue cloned: 0012432
2010-10-07 05:46 giallu Relationship added related to 0012432
2011-08-02 12:35 dregad Status resolved => closed