XSS in search module.

2 April 2007 at 7:42am
I found an XSS in the search module:
Combining it with CSRF could be harmful.
-
Re: XSS in search module.

4 April 2007 at 12:46pm Last edited: 4 April 2007 5:23pm
Thanks very much for pointing this out mateusz, it's immensely helpful for people to be notifying us of security issues like this! Sean has looked into this and fixed it yesterday, so it is available for download in our daily builds. It has been escalated to be included in our 2.0.1 release too, hence we just built 2.0.1rc4 ...
patch:
search/SearchForm.php (revision 33165)
public function getSearchQuery() {
- return $_REQUEST['Search'];
+ return Convert::raw2xml($_REQUEST['Search']);
}
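Review bot: escaping inside the accessor changes what every caller of getSearchQuery() receives, not just the template that echoes the term back, so the `+ return Convert::raw2xml($_REQUEST['Search']);` line should be checked against each call site: a caller that feeds the value into the actual search lookup, a log line, or a JavaScript string will now get `&amp;`, `&lt;` and `&quot;` entities instead of the raw term, which can silently alter search results or leave a non-XML context unescaped. The usual pattern is to keep the accessor returning the raw value and apply the XML/HTML escaping at the point of output (the template or form field), or at minimum to document in the method's docblock that the return value is already XML-escaped so nobody double-escapes or un-escapes it. Separately, `$_REQUEST` merges GET, POST and cookie data; if the search term is only ever submitted via the form, reading the specific superglobal the form uses narrows the input surface and makes the behaviour predictable regardless of the server's request_order setting.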