From e4a19768a5c5e5b1276caf3dd5bb721a540ec014 Mon Sep 17 00:00:00 2001
From: Mikael Falkvidd <mfalkvidd@op5.com>
Date: Thu, 12 Jun 2014 11:03:43 +0200
Subject: [PATCH] pnp/views/kohana_error_page: plug another XSS hole

By issuing the request
GET pnp/$item?996fb"><script>alert(1)</script><"951e1=1
an alert is triggered in the meta refresh tag.

The hole is plugged by not setting the URL of the meta refresh.
The default behavior is to refresh the current page, which is what
we want anyway.

Change-Id: I6af0b15c929f95d651a576d46b99d2e1a88fe601

Signed-off-by: Mikael Falkvidd <mfalkvidd@op5.com>
---
 share/pnp/application/views/kohana_error_page.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/share/pnp/application/views/kohana_error_page.php b/share/pnp/application/views/kohana_error_page.php
index a950616..490ed62 100644
--- a/share/pnp/application/views/kohana_error_page.php
+++ b/share/pnp/application/views/kohana_error_page.php
@@ -4,7 +4,7 @@
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 <?php if(isset ( $_SERVER['REQUEST_URI'])):?> 
-<meta http-equiv="refresh" content="60; url=<?php echo $_SERVER['REQUEST_URI'] ?>">
+<meta http-equiv="refresh" content="60">
 <?php endif ?>
 <title><?php echo $error ?></title>
 <?php echo html::stylesheet('media/css/common.css') ?>
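Review bot: the surrounding `<?php if(isset ( $_SERVER['REQUEST_URI'])):?>` / `<?php endif ?>` guard is now dead code, since the replaced `<meta http-equiv="refresh" content="60">` no longer reads `$_SERVER['REQUEST_URI']`; either drop the conditional so the refresh tag is emitted unconditionally, or state in the commit message why the guard is kept. The unchanged context line `<title><?php echo $error ?></title>` also echoes `$error` with no visible escaping; it is worth confirming in the same pass that the value is HTML-escaped before it reaches this view (or wrapping it in `htmlspecialchars()` here), since this error page is reached with attacker-influenced input, as the commit message itself shows.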
-- 
1.9.3