MantisBT: master-1.2.x e679a1c0
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
dhx | dhx | master-1.2.x | 2011-09-05 02:36 | master-1.2.x cb74408f |
Affected Issues | 0013191: XSS vulnerability due to usage of PHP_SELF |
Changeset | Fix 0013191: Prevent further XSS issues relating to PHP_SELF Silvia Alvarez (Debian package manager for MantisBT) has performed The form_action_self() function also used $_SERVER['PHP_SELF'] This patch swaps out PHP_SELF for SCRIPT_NAME (much safer as end users Refer to Debian bug report #640297 [1] and discussion on the mantisbt-dev Thank you Sils for the detailed analysis of the problem, detailed |
mod - billing_inc.php |
mod - bugnote_stats_inc.php |
mod - core/authentication_api.php |
mod - core/form_api.php |
mod - core/helper_api.php |
mod - manage_config_email_page.php |
mod - manage_config_work_threshold_page.php |
mod - manage_config_workflow_page.php |
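
The swap named in the changeset message, PHP_SELF replaced by SCRIPT_NAME where a page builds a form action that posts back to itself, shown as an added example (not MantisBT code and not part of this commit). The function names and the `$_SERVER` values are constructed for illustration.

```php
<?php
// Added illustration, not MantisBT code; every name here is hypothetical.

// Constructed $_SERVER values for one request whose URL has extra path text
// after the script name. PHP typically appends that text to PHP_SELF, while
// SCRIPT_NAME holds only the path of the script that is running.
$server = array(
	'SCRIPT_NAME' => '/mantis/manage_config_email_page.php',
	'PHP_SELF'    => '/mantis/manage_config_email_page.php/"><b>injected</b>',
);

// Before: the action attribute echoes PHP_SELF unescaped, so the
// request-supplied text closes the attribute and becomes page markup.
function example_form_open_before( array $server ) {
	return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// After: SCRIPT_NAME carries no trailing path text, and the value is still
// escaped for the HTML attribute context as a second layer.
function example_form_open_after( array $server ) {
	$action = htmlspecialchars( $server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8' );
	return '<form method="post" action="' . $action . '">';
}

// Regression check: true when the request-supplied marker reached the output.
function example_marker_reflected( $html ) {
	return strpos( $html, '<b>injected</b>' ) !== false;
}

$before = example_form_open_before( $server );
$after  = example_form_open_after( $server );

if ( !example_marker_reflected( $before ) ) {
	throw new RuntimeException( 'sample input no longer reproduces the reflection' );
}
if ( example_marker_reflected( $after ) ) {
	throw new RuntimeException( 'hardened form still reflects request text' );
}

echo $before, "\n", $after, "\n";
```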