Project

General

Profile

Actions
Copy link

Bug #2382

closed

Non-htmlescaped url(s)

Added by beat about 13 years ago. Updated about 13 years ago.

Status:
Closed
Priority:
Normal
Assignee:
beat
Target version:
2.0
Start date:
08 March 2011
Due date:
% Done:

100%

Estimated time:

Description

component.cbgroupjive.php line 2460:

            $msg_link                        =    '<a href="' . cbgjClass::getPluginURL( array( 'groups', 'join', $category->id, $group->id, $row->code ), null, false ) . '">' . CBTxt::T( 'here' ) . '</a>';

has false for param $htmlspecialchars, instead of true, so it's not escaped properly, causing potential vuln.

Please review all url outputs to html.

Actions
Copy link
 #1

Updated by krileon about 13 years ago

  • Status changed from New to Resolved
  • Assignee changed from krileon to beat
  • % Done changed from 0 to 100

Fixed in r1612

Actions
Copy link
 #2

Updated by krileon about 13 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF