View Issue Details
| Field | Value |
|---|---|
| ID | 0015388 |
| Project | mantisbt |
| Category | filters |
| View Status | public |
| Date Submitted | 2013-01-19 09:44 |
| Last Update | 2014-09-23 18:05 |
| Reporter | rombert |
| Assigned To | dregad |
| Priority | normal |
| Severity | tweak |
| Reproducibility | always |
| Status | closed |
| Resolution | fixed |
| Product Version | 1.2.12 |
| Target Version | 1.2.13 |
| Fixed in Version | 1.2.13 |
| Summary | 0015388: Update the match_type parameter to be XSS-safe by itself |
| Description | (Created from comment 0015373:0034815) Following up on this comment, we should rework the code and make sure that it is still XSS-safe. |
| Tags | No tags attached. |
The problem with your earlier attempt to fix this is that you forgot to change an occurrence of gpc_get_string to gpc_get_int in search.php. I'll commit a fix shortly; local tests OK on the XSS issue (0015373). Now if you enter anything but a number (e.g. http://path/to/mantis/search.php?match_type=%22%3E%3Cscript%3Ealert%281%29%3C/script%3E%22 ), you get APPLICATION ERROR 203 "A number was expected for match_type". See also follow-up fix 0015389.
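The mechanism behind the fix, shown as an added example rather than MantisBT's own code: a string-typed parameter accessor hands back whatever the client sent, so any later unescaped output reflects it, while an integer-typed accessor refuses anything that is not a number before the value can reach a template or a query. The helper names `example_get_string()`, `example_get_int()` and `example_match_type()`, the `EXAMPLE_MATCH_*` constants and the `$request` array are all assumptions constructed for this example; they mirror the roles of gpc_get_string() and gpc_get_int() from the comment above but are not the MantisBT functions themselves.

```php
<?php
// Added example, not MantisBT code. The names below are hypothetical stand-ins
// for gpc_get_string()/gpc_get_int() and the filter's match-type constants.

const EXAMPLE_MATCH_ALL = 0;   // hypothetical: require all selected values
const EXAMPLE_MATCH_ANY = 1;   // hypothetical: accept any selected value

// Constructed request parameters standing in for $_GET / $_POST.
$request = [
    'match_type_ok'  => '1',
    'match_type_bad' => '"><b>not a number</b>',
];

// String-typed accessor: returns the raw client-supplied value unchanged,
// so the caller is fully responsible for escaping it everywhere it is used.
function example_get_string(array $src, string $name, string $default = ''): string
{
    return isset($src[$name]) ? (string) $src[$name] : $default;
}

// Integer-typed accessor: accepts only an optionally signed decimal integer
// and throws otherwise, the role gpc_get_int() plays when it raises
// APPLICATION ERROR 203 ("A number was expected for match_type").
function example_get_int(array $src, string $name, ?int $default = null): int
{
    if (!isset($src[$name])) {
        if ($default === null) {
            throw new InvalidArgumentException("Missing parameter: $name");
        }
        return $default;
    }
    $raw = (string) $src[$name];
    if (preg_match('/^[+-]?\d+$/', $raw) !== 1) {
        throw new InvalidArgumentException("A number was expected for $name");
    }
    return (int) $raw;
}

// Type safety alone does not bound the value: also whitelist it against the
// known match types so a numeric but undefined mode is rejected too.
function example_match_type(array $src, string $name): int
{
    $value = example_get_int($src, $name, EXAMPLE_MATCH_ALL);
    if (!in_array($value, [EXAMPLE_MATCH_ALL, EXAMPLE_MATCH_ANY], true)) {
        throw new InvalidArgumentException("Unknown match type: $value");
    }
    return $value;
}

// Demonstration on the constructed request.
echo 'string accessor returns: ', var_export(example_get_string($request, 'match_type_bad'), true), "\n";
echo 'int accessor accepts:    ', example_match_type($request, 'match_type_ok'), "\n";
try {
    example_match_type($request, 'match_type_bad');
} catch (InvalidArgumentException $e) {
    echo 'int accessor rejects:    ', $e->getMessage(), "\n";
}
```

The second layer (the whitelist in `example_match_type()`) is the check a reviewer would still ask for after the gpc_get_int() change: an integer cannot carry markup, but a filter that switches on the value should also refuse integers it does not define.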
Linked the wrong issue #...
Marking as 'acknowledged', not resolved/closed, to track that the change gets ported to the master-2.0.x branch.
MantisBT: master 4362aa14 2013-01-19 17:22

Update match_type parameter to be XSS-safe by itself. Use of gpc_get_int() instead of gpc_get_string() prevents malicious users from passing arbitrary strings as parameter. Fixes 0015388

Affected Issues: 0015388

Modified files:
- core/filter_api.php
- search.php
- view_all_set.php
MantisBT: master-1.2.x dbf923c3 2013-01-19 17:22

Update match_type parameter to be XSS-safe by itself. Use of gpc_get_int() instead of gpc_get_string() prevents malicious users from passing arbitrary strings as parameter. Fixes 0015388

Affected Issues: 0015388

Modified files:
- core/filter_api.php
- search.php
- view_all_set.php