Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 72876 Details for
Bug 112491
www-apps/horde potential XSS vulnerability.
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
horde-xss.patch
horde-xss.patch (text/plain), 544 bytes, created by
Thierry Carrez (RETIRED)
on 2005-11-14 08:06:20 UTC
(
hide
)
Description:
horde-xss.patch
Filename:
MIME Type:
Creator:
Thierry Carrez (RETIRED)
Created:
2005-11-14 08:06:20 UTC
Size:
544 bytes
patch
obsolete
>--- horde-2.2.8/lib/Horde.php 2004-10-25 17:59:15.000000000 +0200 >+++ horde-2.2.9/lib/Horde.php 2005-11-13 12:48:32.000000000 +0100 >@@ -234,7 +234,7 @@ > > $errortext = _("<b>A fatal error has occurred:</b>") . "<br /><br />\n"; > if (is_object($error) && method_exists($error, 'getMessage')) { >- $errortext .= $error->getMessage() . "<br /><br />\n"; >+ $errortext .= htmlspecialchars($error->getMessage()) . "<br /><br />\n"; > } > $errortext .= sprintf(_("[line %s of %s]"), $line, $file); >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=72876">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 112491
: 72876
