Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.26.0

Bug #10324 Unescaped values on invalid bugs
Submitted: 2007-03-10 14:27 UTC Modified: 2007-03-10 14:36 UTC
From: davidc Assigned: davidc
Status: Closed Package: pearweb (version 1.10.0)
PHP Version: 5.2.1 OS: irrelevant
Roadmaps: 1.10.1    
Subscription  


 [2007-03-10 14:27 UTC] davidc (David Coallier)
Description: ------------ This is a rather serious bug as well, I have found that in patch-display there's another xss vulnerability in the $_GET['bug'] variable dispalying. I am fixign it right away.

Comments

 [2007-03-10 14:36 UTC] davidc (David Coallier)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better. Fixed in the display-patch.php and not the template.