View Issue Details

ID: 0012309
Project: mantisbt
Category: security
View Status: public
Last Update: 2011-08-02 12:35
Reporter: atrol
Assigned To: dhx
Priority: high
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.2.2
Target Version: 1.2.3
Fixed in Version: 1.2.3
Summary: 0012309: XSS issues when viewing Summary page
Description

Scripting code entered in the Summary field might be executed when displaying the Summary page.

Steps To Reproduce
  1. Enter an issue with scripting code in Summary field
  2. View "Summary" page
  3. See your code being executed if the issue is displayed in the list of longest open issues
Tags: No tags attached.
Attached Files
issue12309.patch (1,154 bytes)   
From e789c340dd658d54276202353fe7bf6d142d5b4c Mon Sep 17 00:00:00 2001
From: Roland Becker <roland@atrol.de>
Date: Thu, 2 Sep 2010 10:33:35 +0200
Subject: [PATCH] Fix #12309: XSS issues when viewing Summary page

---
 core/summary_api.php |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/summary_api.php b/core/summary_api.php
index c58a678..4950f4a 100644
--- a/core/summary_api.php
+++ b/core/summary_api.php
@@ -333,7 +333,7 @@ function summary_print_by_activity() {
 
 	foreach( $t_summarydata as $row ) {
 		$t_bugid = string_get_bug_view_link( $row['id'] );
-		$t_summary = string_html_specialchars( $row['summary'] );
+		$t_summary = string_display_line( $row['summary'] );
 		$t_notescount = $row['count'];
 
 		print "<tr " . helper_alternate_class() . ">\n";
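Review bot: the commit message should say why string_html_specialchars() is replaced by string_display_line() at this site, since the summary here was already escaped and the swap is for consistency with summary_print_by_age() (as discussed in the issue comments) rather than to close the XSS; as written, "Fix #12309" reads as if both hunks were fixes.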
@@ -377,7 +377,7 @@ function summary_print_by_age() {
 		}
 
 		$t_bugid = string_get_bug_view_link( $row['id'] );
-		$t_summary = $row['summary'];
+		$t_summary = string_display_line( $row['summary'] );
 		$t_days_open = intval(( time() - $row['date_submitted'] ) / SECONDS_PER_DAY );
 
 		print "<tr " . helper_alternate_class() . ">\n";
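Review bot: this is the unescaped site the report describes, and wrapping $row['summary'] in string_display_line() brings it in line with the activity list above; before merging, check the remaining summary_print_* functions in core/summary_api.php for any other raw use of $row['summary'], since this one was missed while its neighbour was already sanitised. The $t_days_open line in the trailing context is fine as-is thanks to intval().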
-- 
1.7.2.2


Relationships

related to 0012432 (closed, giallu): XSS issues when viewing Summary page

Activities

atrol (developer), 2010-08-30 02:59, ~0026511

Reminder sent to: dhx, jreese

Please have a look at the patch and if it's OK let it become part of next version.

dhx (reporter), 2010-08-30 03:07, ~0026512

Good find, thanks atrol.

The only comment I have is that I think we should be using string_display_line() instead of string_html_specialchars() for sanitising the summary. I can fix that up in your patch when I commit it.

atrol (developer), 2010-08-30 03:13, ~0026513
Last edited: 2010-08-30 03:22

I changed it the same way as it's done for the list of most active issues.
If string_html_specialchars is the right way to do it, you have to change it twice.

atrol (developer), 2010-09-02 04:40, ~0026546

Updated patch to use string_display_line()

dhx (reporter), 2010-09-02 07:24, ~0026547

Thanks Roland, I've committed it at long last. Sorry for the delay!

dhx (reporter), 2010-09-02 07:27, ~0026548

That was your first patch? Congratulations! :)

atrol (developer), 2010-09-02 07:45, ~0026552

It's the second, first was 0012217 :)

Related Changesets

MantisBT: master-1.2.x 085097fc
2010-09-02 04:33
atrol
Committer: dhx

Fix 0012309: XSS issues when viewing Summary page

Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
Affected Issues: 0012309
mod - core/summary_api.php

MantisBT: master 61e90d06
2010-09-02 04:33
atrol
Committer: dhx

Fix 0012309: XSS issues when viewing Summary page

Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
Affected Issues: 0012309
mod - core/summary_api.php