path: root/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch
From a014c9542710ad50fd1a7fd1eb39b44261edf3a2 Mon Sep 17 00:00:00 2001
From: Justin Bronder <jsbronder@gmail.com>
Date: Mon, 23 Dec 2013 11:39:03 -0500
Subject: [PATCH] CVE-2013-6395 fix xss

https://bugs.gentoo.org/show_bug.cgi?id=492580
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6395
---
 header.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/header.php b/header.php
index d0a30c2..e1cb0e8 100755
--- a/header.php
+++ b/header.php
@@ -485,7 +485,7 @@ $data->assign("custom_time", $custom_time);
 /////////////////////////////////////////////////////////////////////////
 if ( $context == "cluster" ) {
   if ( isset($user['host_regex']) && $user['host_regex'] != "" )
-    $set_host_regex_value="value='" . $user['host_regex'] . "'";
+    $set_host_regex_value="value='" . htmlentities($user['host_regex'], ENT_QUOTES) . "'";
   else
     $set_host_regex_value="";
 
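Review bot: The added `htmlentities($user['host_regex'], ENT_QUOTES)` call does not pin a character set, so the escaping depends on the PHP version and its `default_charset` setting, which have differed across releases. Under a UTF-8 default, an input containing an invalid byte sequence makes the call return an empty string, which would silently drop the user's filter. Passing the encoding explicitly keeps the behaviour predictable, e.g. `$set_host_regex_value="value='" . htmlspecialchars($user['host_regex'], ENT_QUOTES, 'UTF-8') . "'";`. This hunk escapes only this one sink, and the `if ( $context == "cluster" )` block continues outside it, so it is worth confirming that any other place `$user['host_regex']` is written into markup is escaped as well.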
-- 
1.8.3.2