MantisBT: master-1.2.x d00745f5
|Paul Richards||dhx||master-1.2.x||2011-08-29 06:55||master-1.2.x 6ede60d3|
|Affected Issues||0013191: XSS vulnerability dues to usage of PHP_SELF|
|0013281: MantisBT Security Vulnerabilities Notification|
Fix issue introduced previously whereby php_Self is now used unchecked.
introduced previously by john attempting to fix symlinks. Since we now use php 5.2, we can make use of filter_var.
This is a simpler version of what we were trying to do previously aka http://git.mantisforge.org/w/mantisbt.git?a=commitdiff;h=5ac1fdf32717d0c82cca7e7660dd4fd316a6a1b8
Depending on server/mantis config this can lead to XSS issues
David: Backported from master branch and removed unreachable code branch.
Signed-off-by: David Hicks <email@example.com>
|mod - config_defaults_inc.php||Diff File|