
Bug #10959 context is not htmlspecialchar()ed in patch diff
Submitted: 2007-05-06 19:16 UTC
From: cellog
Assigned: cellog
Status: Closed
Package: pearweb (version 1.15.0)
PHP Version: 5.2.1
OS: n/a
Roadmaps: 1.15.1

 [2007-05-06 19:16 UTC] cellog (Greg Beaver)
Description:
------------
When displaying a diff between two patches, context areas are not htmlspecialchar()ed, resulting in a potential XSS vulnerability.


 [2007-05-06 19:16 UTC] cellog (Greg Beaver)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on by the end of next Sunday (CET). If this was a problem with the website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.
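
The failure mode in this report, shown as an added example that is not pearweb's code: a diff renderer that escapes only changed lines emits context lines as raw HTML, while the corrected form escapes every line before wrapping it in markup. The function name `render_diff_html`, its `$escapeContext` switch, the CSS class names and the sample diff are all hypothetical and constructed for illustration.

```php
<?php
// Added example (hypothetical renderer, not the pearweb source).

/**
 * Render a unified diff as HTML.
 * $escapeContext = false reproduces the reported defect: only "+"/"-"/"@"
 * lines are escaped and context lines reach the page unescaped.
 */
function render_diff_html(string $diff, bool $escapeContext = true): string
{
    $classes = ['+' => 'add', '-' => 'del', '@' => 'hunk'];
    $out = [];
    foreach (preg_split('/\R/', rtrim($diff, "\r\n")) as $line) {
        $marker    = $line === '' ? ' ' : $line[0];
        $isContext = !isset($classes[$marker]);
        $class     = $isContext ? 'context' : $classes[$marker];
        if ($isContext && !$escapeContext) {
            $text = $line; // defect: patch content emitted as markup
        } else {
            // Escape first, then wrap; the span is the only trusted markup.
            $text = htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }
        $out[] = '<span class="' . $class . '">' . $text . '</span>';
    }
    return "<pre>\n" . implode("\n", $out) . "\n</pre>";
}

// Constructed sample: an uploaded patch whose *context* line contains markup.
$diff = <<<'DIFF'
@@ -1,3 +1,3 @@
 <script>alert('context')</script>
-echo $old;
+echo "<b>new</b>";
 $x = 1 & 2;
DIFF;

$buggy = render_diff_html($diff, false);
$fixed = render_diff_html($diff, true);

// The defective output carries a live <script> element from the context line.
if (strpos($buggy, '<script>') === false) {
    throw new RuntimeException('expected raw markup in unescaped output');
}
// The corrected output contains no tag that came from the patch itself.
if (strpos($fixed, '<script>') !== false || strpos($fixed, '<b>') !== false) {
    throw new RuntimeException('patch content was not escaped');
}
echo $fixed, "\n";
```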