MantisBT: master-1.2.x d00745f5
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
Paul Richards | dhx | master-1.2.x | 2011-08-29 06:55 | master-1.2.x 6ede60d3 |
Affected Issues | 0013191: XSS vulnerability dues to usage of PHP_SELF |
 | 0013281: MantisBT Security Vulnerabilities Notification |
Changeset | Fix issue introduced previously whereby php_Self is now used unchecked. Introduced previously by john attempting to fix symlinks. Since we now use PHP 5.2, we can make use of filter_var. This is a simpler version of what we were trying to do previously, aka http://git.mantisforge.org/w/mantisbt.git?a=commitdiff;h=5ac1fdf32717d0c82cca7e7660dd4fd316a6a1b8. Depending on server/mantis config this can lead to XSS issues. David: Backported from master branch and removed unreachable code branch. Signed-off-by: David Hicks <d@hx.id.au> |
mod - config_defaults_inc.php | Diff File |