
[tor-commits] r24666: {torstatus} Fix an XSS opportunity due to missing sanitation of descri (torstatus/trunk/web)



Author: sebastian
Date: 2011-04-23 13:38:55 +0000 (Sat, 23 Apr 2011)
New Revision: 24666

Modified:
   torstatus/trunk/web/index.php
Log:
Fix an XSS opportunity due to missing sanitation of descriptor values when displaying the contact column. Issue discovered and patch submitted by tagnaq.

Modified: torstatus/trunk/web/index.php
===================================================================
--- torstatus/trunk/web/index.php	2011-04-23 05:12:49 UTC (rev 24665)
+++ torstatus/trunk/web/index.php	2011-04-23 13:38:55 UTC (rev 24666)
@@ -759,7 +759,7 @@
 				$value == "Contact"
 			):
 
-			echo "<td class='TDS'>" . $record[$value] . "</td>";
+			echo "<td class='TDS'>" . htmlentities($record[$value], ENT_QUOTES) . "</td>";
 			break;
 
   			//case
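
Review bot: the new htmlentities() call on the "+" line passes no charset argument, so on PHP versions before 5.4 it assumes ISO-8859-1 and will mangle multi-byte contact strings if this page is served as UTF-8. Consider htmlspecialchars($record[$value], ENT_QUOTES, 'UTF-8'), with the charset matching whatever the page declares; it escapes the same HTML-significant characters and leaves other text untouched. The escape is also applied only to the echo in this branch (the one whose condition ends in $value == "Contact"), while the log message speaks of descriptor values in general. The other case arms of this switch are not visible in the hunk, so it is worth confirming that none of them still prints $record[$value] raw, and routing all cell output through one small escaping helper would keep a later column from reintroducing the problem.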
