HTTPi, SQLi, XSS.CX: CVE-2011-5018, Koala Framework, XSS, Resolved, Cross Site Scripting, CWE-79, CAPEC-86

Saturday, December 31, 2011

CVE-2011-5018, Koala Framework, XSS, Resolved, Cross Site Scripting, CWE-79, CAPEC-86

fix XSS security issue: escape request_uri in 404 pages

commit 59f81ea6bd8ef96c04a706a3ca453cd656284faa1 parent e681f050ea

nsams-vivid-planet authored November 21, 2011

Showing 1 changed file with 1 addition and 1 deletion.

Kwf/Exception/Abstract.php

2 ••

Kwf/Exception/Abstract.php

View file @ 59f81ea

@@ -74,7 +74,7 @@ public function render($ignoreCli = false)
         $view->exception = $this->getException();
         $view->message = $this->getException()->getMessage();
         $view->requestUri = isset($_SERVER['REQUEST_URI']) ?
-            $_SERVER['REQUEST_URI'] : '' ;
+            htmlspecialchars($_SERVER['REQUEST_URI']) : '' ;
         $view->debug = Kwf_Exception::isDebug();
         $header = $this->getHeader();
         $template = $this->getTemplate();

HTTPi, SQLi, XSS.CX

Anti-Phishing Research, Live Bait Reports, Tombstones, Hoyt LLC

Labels

Saturday, December 31, 2011

CVE-2011-5018, Koala Framework, XSS, Resolved, Cross Site Scripting, CWE-79, CAPEC-86

0 comments:

Post a Comment

...	...	@@ -74,7 +74,7 @@ public function render($ignoreCli = false)
74	74	$view->exception = $this->getException();
75	75	$view->message = $this->getException()->getMessage();
76	76	$view->requestUri = isset($_SERVER['REQUEST_URI']) ?
77		- $_SERVER['REQUEST_URI'] : '' ;
	77	+ htmlspecialchars($_SERVER['REQUEST_URI']) : '' ;
78	78	$view->debug = Kwf_Exception::isDebug();
79	79	$header = $this->getHeader();
80	80	$template = $this->getTemplate();