From cb925073edeeb97eb4ce61a86cdafccc9b87f9bb Mon Sep 17 00:00:00 2001
From: Mikael Falkvidd <mfalkvidd@op5.com>
Date: Fri, 13 Jun 2014 14:13:03 +0200
Subject: [PATCH] Plug potential XSS hole in views/template.php
|
REQUEST_URI needs to be sanitized if used. Since we want to refresh
to the same page there is no need to set the URI.
|
Signed-off-by: Mikael Falkvidd <mfalkvidd@op5.com>
---
share/pnp/application/views/template.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
|
diff --git a/share/pnp/application/views/template.php b/share/pnp/application/views/template.php
index 109902f..0cce888 100644
--- a/share/pnp/application/views/template.php
+++ b/share/pnp/application/views/template.php
@@ -4,7 +4,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<meta http-equiv="refresh" content="<?php echo $this->config->conf['refresh'] ?>; url=<?php echo $_SERVER['REQUEST_URI'] ?>" />
+<meta http-equiv="refresh" content="<?php echo $this->config->conf['refresh'] ?>" />
<title>title)) echo html::specialchars($this->title) ?></title>
|
|
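Review bot: The added refresh tag still interpolates `$this->config->conf['refresh']` into an HTML attribute without escaping, while the `<title>` context line just below runs its value through `html::specialchars`. The config value is presumably operator-controlled rather than request-derived, so the exposure is much smaller than the removed REQUEST_URI echo, but a non-numeric or quote-bearing setting would still break out of the attribute. Since the value is only meaningful as a number of seconds, casting keeps the output well-formed whatever the source: `<meta http-equiv="refresh" content="<?php echo (int) $this->config->conf['refresh'] ?>" />`. Dropping the `url=` part does preserve the refresh-to-self behaviour, as a refresh without a URL reloads the current document.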
--
1.9.3