diff options
| author | Andreas Gohr <gohr@cosmocode.de> | 2013-12-10 15:56:06 +0100 |
|---|---|---|
| committer | Andreas Gohr <gohr@cosmocode.de> | 2013-12-10 15:56:06 +0100 |
| commit | 9e8bcd5f2ba2246ad2dff46d0313cb0c9e9f5579 (patch) | |
| tree | 069bb6a219bdbf0f29b1ef4d9816f278f65236e8 /lib/plugins/plugin | |
| parent | 8c4759c9d38a21eb352498a8035944ee019e7738 (diff) | |
| download | rpg-9e8bcd5f2ba2246ad2dff46d0313cb0c9e9f5579.tar.gz rpg-9e8bcd5f2ba2246ad2dff46d0313cb0c9e9f5579.tar.bz2 | |
fix possible XSS vulnerability in Plugin Manager
The plugin manager echos raw URLs in error messages, this could allow to
construct an XSS attack. However the affected form is CSRF protected,
so an attacker would require another XSS vulnerability to get the needed token,
rendering this attack unneeded. So this should not be exploitable.
Diffstat (limited to 'lib/plugins/plugin')
| -rw-r--r-- | lib/plugins/plugin/classes/ap_download.class.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/plugins/plugin/classes/ap_download.class.php b/lib/plugins/plugin/classes/ap_download.class.php index 3cc455867..b1be11506 100644 --- a/lib/plugins/plugin/classes/ap_download.class.php +++ b/lib/plugins/plugin/classes/ap_download.class.php @@ -24,7 +24,7 @@ class ap_download extends ap_manage { ptln('<h2>'.$this->lang['downloading'].'</h2>'); if ($this->manager->error) { - ptln('<div class="error">'.str_replace("\n","<br />",$this->manager->error).'</div>'); + ptln('<div class="error">'.str_replace("\n","<br />",hsc($this->manager->error)).'</div>'); } else if (count($this->downloaded) == 1) { ptln('<p>'.sprintf($this->lang['downloaded'],$this->downloaded[0]).'</p>'); } else if (count($this->downloaded)) { // more than one plugin in the download |