MantisBT: master 57c94485
|Paul Richards||Paul Richards||master||2011-08-29 06:55||master a908cc61|
|Affected Issues||0013191: XSS vulnerability dues to usage of PHP_SELF|
|0013281: MantisBT Security Vulnerabilities Notification|
Fix issue introduced previously whereby php_Self is now used unchecked.
introduced previously by john attempting to fix symlinks. Since we now use php 5.2, we can make use of filter_var.
This is a simpler version of what we were trying to do previously aka http://git.mantisforge.org/w/mantisbt.git?a=commitdiff;h=5ac1fdf32717d0c82cca7e7660dd4fd316a6a1b8
Depending on server/mantis config this can lead to XSS issues
|mod - config_defaults_inc.php||Diff File|