
Ticket #73 (fixed bug)

Unescaped topic subject in search.php

  • Created: 2010-07-20 11:03:01
  • Reported by: daris
  • Assigned to: Reines
  • Milestone: 1.4.1
  • Component: security
  • Priority: highest

Make a new topic with subject:
<script type="text/javascript">alert('test')</script>
and then go to search. In the keywords field type "script" (without quotes), in the "Show results as" field select "Posts", click submit and you'll see an alert :)

Then look at line 531 of search.php:
...<?php echo $cur_search['subject'] ?>...
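
Added example (not part of the original ticket, and not FluxBB's actual patch, which this page does not show): the raw echo pattern from the report beside the same output escaped with PHP's htmlspecialchars(). The function names, the wrapper markup and the sample rows are constructed for illustration.

```php
<?php
// Constructed rows standing in for the search result set; the first subject
// is the one from the report, the second exercises quotes and ampersands.
$results = [
    ['subject' => "<script type=\"text/javascript\">alert('test')</script>"],
    ['subject' => 'Tom & Jerry\'s "best of" <b>thread</b>'],
];

// Escape for HTML text and quoted-attribute contexts. ENT_QUOTES covers both
// quote styles; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the subject reaches the page exactly as the user typed it.
function render_subject_unsafe(array $cur_search): string
{
    return '<span class="subject">' . $cur_search['subject'] . '</span>';
}

// After: same markup, subject escaped at the point of output.
function render_subject_safe(array $cur_search): string
{
    return '<span class="subject">' . esc_html($cur_search['subject']) . '</span>';
}

$open = '<span class="subject">';
$close = '</span>';
foreach ($results as $row) {
    $safe = render_subject_safe($row);
    // Regression check: between the wrapper tags no markup character survives.
    $inner = substr($safe, strlen($open), -strlen($close));
    if (strpbrk($inner, '<>"\'') !== false) {
        throw new RuntimeException('unescaped markup in subject');
    }
    echo "unsafe: ", render_subject_unsafe($row), "\n";
    echo "safe:   ", $safe, "\n";
}
```

The stored subject is left as submitted; the escaping is applied at output, so every template that prints the subject needs the same treatment.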

History

daris 2010-07-20 11:03:48

  • Description changed. (Diff)

daris 2010-07-20 11:04:11

  • Description changed. (Diff)

daris 2010-07-20 11:09:15

  • Description changed. (Diff)

daris 2010-07-20 11:18:39

  • Summary changed from Unsescaped topic subject in search.php to Unescaped topic subject in search.php.

Franz 2010-07-20 15:37:06

  • Description changed. (Diff)

Reines 2010-07-20 15:59:23

  • Component set to security.
  • Milestone set to 1.4.1.

Reines 2010-07-21 10:54:55

I have now fixed this, will push the update and release 1.4.1 later today. Thanks for the report.

Reines 2010-07-21 13:31:01

  • Owner set to Reines.
  • Status changed from open to fixed.

Reines 2010-07-21 23:05:24

  • Visibility set to public.