MantisBT: master-1.2.x d00745f5

Author Committer Branch Timestamp Parent
Paul Richards dhx master-1.2.x 2011-08-29 06:55 master-1.2.x 6ede60d3
Affected Issues  0013191: XSS vulnerability dues to usage of PHP_SELF
 0013281: MantisBT Security Vulnerabilities Notification

Fix issue introduced previously whereby php_Self is now used unchecked.

introduced previously by john attempting to fix symlinks. Since we now use php 5.2, we can make use of filter_var.

This is a simpler version of what we were trying to do previously aka;h=5ac1fdf32717d0c82cca7e7660dd4fd316a6a1b8

Depending on server/mantis config this can lead to XSS issues

David: Backported from master branch and removed unreachable code branch.

Signed-off-by: David Hicks <>

mod - config_defaults_inc.php Diff File