From e4a19768a5c5e5b1276caf3dd5bb721a540ec014 Mon Sep 17 00:00:00 2001

From: Mikael Falkvidd <mfalkvidd@op5.com>

Date: Thu, 12 Jun 2014 11:03:43 +0200

Subject: [PATCH] pnp/views/kohana_error_page: plug another XSS hole

By issuing the request

GET pnp/$item?996fb"><script>alert(1)</script><"951e1=1

an alert is triggered in the meta refresh tag.

The hole is plugged by not setting the URL of the meta refresh.

The default behavior is to refresh the current page, which is what

we want anyway.

Change-Id: I6af0b15c929f95d651a576d46b99d2e1a88fe601

Signed-off-by: Mikael Falkvidd <mfalkvidd@op5.com>

---

 share/pnp/application/views/kohana_error_page.php | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/share/pnp/application/views/kohana_error_page.php b/share/pnp/application/views/kohana_error_page.php

index a950616..490ed62 100644

--- a/share/pnp/application/views/kohana_error_page.php

+++ b/share/pnp/application/views/kohana_error_page.php

@@ -4,7 +4,7 @@

 <head>

 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

-<meta http-equiv="refresh" content="60; url=<?php echo $_SERVER['REQUEST_URI'] ?>">

+<meta http-equiv="refresh" content="60">

 <title></title>

-- 

1.9.3