Skip to content

Commit

Permalink
Fix XSS in filter_form_draw_inputs() (CVE-2018-13055)
Browse files Browse the repository at this point in the history 
Ömer Çıtak, Security Researcher at Netsparker, reported this
vulnerability, allowing remote attackers to inject arbitrary code
(if CSP settings permit it) through a crafted PATH_INFO on
view_filters_page.php.

Prevent the attack by sanitizing the output of $_SERVER['PHP_SELF']
before display.

Fixes #24580
  • Loading branch information
@dregad @atrol
dregad authored and atrol committed Jul 23, 2018
1 parent ee30e00 commit 4efac90
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions core/filter_form_api.php
View file
Expand Up @@ -2394,6 +2394,7 @@ function filter_form_draw_inputs( $p_filter, $p_for_screen = true, $p_static = f

if( null === $p_static_fallback_page ) {
$p_static_fallback_page = $_SERVER['PHP_SELF'];
$p_static_fallback_page = string_sanitize_url( $_SERVER['PHP_SELF'] );
}
$t_filters_url = $p_static_fallback_page;
$t_get_params = $_GET;
Expand Down

0 comments on commit 4efac90

Please sign in to comment.