
Request #2131 PEAR::Pager allows XSS attack
Submitted: 2004-08-16 09:32 UTC
From: sou_sk at nifty dot com
Assigned: quipo
Status: Closed
Package: Pager
PHP Version: 4.3.8
OS: Windows
Roadmaps: (Not assigned)


 [2004-08-16 09:32 UTC] sou_sk at nifty dot com
Description:
------------
Pager has a security problem. A malicious user can cause an XSS problem through URL queries like this:

http://example.com/pager/example.php?"><s>oooops</s>

I checked this problem with the bundled example.php on the latest CVS version (Common.php,v 1.16).

Adding the code below prevents this problem.

Common.php line:649
$qs = array_map('htmlspecialchars',$qs);
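The problem described in the report above, as an added example that is not part of the original report and is not PEAR::Pager's code: a simplified link builder that copies request parameters into an `href` unescaped, beside a hardened form. It goes one step beyond the one-line fix in the report by encoding parameter names as well as values; the function names, the `page` parameter and the sample parameters are assumptions made for the illustration.

```php
<?php
// Added illustration, not PEAR::Pager code. Function names, the "page"
// parameter and the sample request are assumptions made for this example.

// Vulnerable pattern: request parameters are copied into the href as-is.
function pager_link_unsafe(array $params, int $page): string
{
    $qs = [];
    foreach ($params as $name => $value) {
        $qs[] = $name . '=' . $value;
    }
    $qs[] = 'page=' . $page;
    return '<a href="example.php?' . implode('&', $qs) . '">' . $page . '</a>';
}

// Hardened pattern: URL-encode names and values, then HTML-escape the
// finished attribute value once, at the point of output.
function pager_link_safe(array $params, int $page): string
{
    $params['page'] = $page;
    $query = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    $href = htmlspecialchars('example.php?' . $query, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '">' . $page . '</a>';
}

// Constructed request parameters: the string from the report, once as a
// parameter name and once as a value.
$params = [
    '"><s>oooops</s>' => '',
    'q' => '"><s>oooops</s>',
];

$unsafe = pager_link_unsafe($params, 2);
$safe = pager_link_safe($params, 2);

echo $unsafe, "\n", $safe, "\n";

// The markup survives only in the unescaped link.
var_dump(strpos($unsafe, '<s>') !== false);
var_dump(strpos($safe, '<s>') !== false);
```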

Comments

 [2004-08-17 14:46 UTC] User who submitted this comment has not confirmed identity