MantisBT: master 033a5045

Author: dregad
Committer: dregad
Branch: master
Timestamp: 2013-09-25 23:57
Parent: master 8d7b8400
Affected Issues:
 0013191: XSS vulnerability due to usage of PHP_SELF
 0016410: "Delete project settings" buttons on manage config pages do not redirect properly

Prevent XSS issues relating to PHP_SELF

Selectively porting the security fixes for issue 0013191 from dhx's
original commit e679a1c02978ba1b811959dedc358598fc595458, following the
reintroduction of the form_action_self() function in master branch to
fix issue 0016410.

mod - core/form_api.php
mod - manage_config_email_page.php
mod - manage_config_work_threshold_page.php
mod - manage_config_workflow_page.php