0008679: XSS Vulnerability in view.php , Attached Files

View Issue Details [ Jump to Notes ] [ Wiki ]

[ Issue History ] [ Print ]

Project

Tags

No tags attached.

Attached Files

xss_before.png [^] (9,068 bytes) 2007-12-19 08:21

file_api.php.patch [^] (586 bytes) 2007-12-19 08:24 [Show Content] [Hide Content]

Index: core/file_api.php
===================================================================
--- core/file_api.php	(リビジョン 4833)
+++ core/file_api.php	(作業コピー)
@@ -163,7 +163,7 @@
 			$row = $t_attachment_rows[$i];
 			extract( $row, EXTR_PREFIX_ALL, 'v' );
 
-			$t_file_display_name = file_get_display_name( $v_filename );
+			$t_file_display_name = string_html_specialchars( file_get_display_name( $v_filename ) );
 			$t_filesize		= number_format( $v_filesize );
 			$t_date_added	= date( config_get( 'normal_date_format' ), db_unixtimestamp( $v_date_added ) );

Relationships

Notes
(0016494) vboctor (administrator) 2007-12-21 04:19	The fix implement in Mantis 1.1.0 is to use the following line: $t_file_display_name = string_display_line( file_get_display_name( $v_filename ) ); See the existing patch to see the context of the change.

(0016855) giallu (developer) 2008-01-27 17:47	Security advisories: http://secunia.com/advisories/28185/ [^] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6611 [^]

Issue History
Date Modified	Username	Field	Change
2007-12-19 08:21	seiji	New Issue
2007-12-19 08:21	seiji	File Added: xss_before.png
2007-12-19 08:24	seiji	File Added: file_api.php.patch
2007-12-19 11:03	vboctor	Target Version	=> 1.1.0rc4
2007-12-20 00:49	vboctor	Status	new => resolved
2007-12-20 00:49	vboctor	Fixed in Version	=> 1.1.0rc4
2007-12-20 00:49	vboctor	Resolution	open => fixed
2007-12-20 00:49	vboctor	Assigned To	=> vboctor
2007-12-20 01:35	vboctor	Status	resolved => closed
2007-12-21 04:19	vboctor	Note Added: 0016494
2007-12-21 04:19	vboctor	View Status	private => public
2008-01-27 17:47	giallu	Note Added: 0016855

MantisBT 1.2.0rc2 git live[^]

Time: 0.2120 seconds.
memory usage: 1,802 KB