The Artima Developer Community

PHP Buzz Forum
search_query Vulnerability Identified, Fixed

Forum One

Forum One is a consulting firm specializing in helping non-profits improve their online presence.
search_query Vulnerability Identified, Fixed Posted: Jan 3, 2006 12:02 PM

This post originated from an RSS feed registered with PHP Buzz by Forum One.
Original Post: search_query Vulnerability Identified, Fixed
Feed Title: Syntax Framework
Feed URL: http://blog.syntaxcms.org/rss.php?version=0.91
Feed Description: Finally, a place to answer Syntax questions

We were alerted to this "less critical" Secunia advisory on a possible cross-site scripting (XSS) vulnerability in versions of SyntaxCMS from 1.2.1 forward (the most recent release). We have patched this in CVS, so if you're running that version and are concerned, just update private/modules/search/results.php from CVS. If you didn't check out your installation from CVS, just add these lines after $search_query has been defined:

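/**
 Patch XSS Vulnerability
 SFS
*/
// Remove HTML/PHP tags from the submitted query.
$search_query = strip_tags($search_query);
// Encode the remaining special characters as HTML entities.
$search_query = htmlentities($search_query);
// Write the sanitized value back to the request object.
$Request->setVar('search_query', $search_query);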
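
An added example, not SyntaxCMS code and not the patch committed to CVS: it runs the posted patch and an escape-at-output helper over constructed queries, so you can see which characters each one encodes and what happens when an already-encoded value is escaped a second time. The function names are hypothetical, and UTF-8 is assumed as the page encoding.

```php
<?php
// Added example, not SyntaxCMS code. Function names are hypothetical;
// UTF-8 is an assumed page encoding.

// The posted patch, with the flag htmlentities() used by default in PHP
// releases before 8.1 (ENT_COMPAT) written out, so the result is the same
// on any PHP version. ENT_COMPAT encodes double quotes and leaves single
// quotes as they are.
function patch_as_posted(string $q): string
{
    // strip_tags() drops anything that looks like a tag, including text
    // the user typed on purpose.
    $q = strip_tags($q);
    return htmlentities($q, ENT_COMPAT, 'UTF-8');
}

// Escape once, at the point of output, for HTML text and for attribute
// values in either quote style. ENT_SUBSTITUTE replaces invalid byte
// sequences instead of returning an empty string.
function escape_for_html(string $q): string
{
    return htmlspecialchars($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample queries (not taken from the advisory).
$samples = [
    "O'Reilly \"php\" books",
    "price <b>bold</b> & more",
    "a <b and c> d",
];

foreach ($samples as $q) {
    printf("input   : %s\n", $q);
    printf("patched : %s\n", patch_as_posted($q));
    printf("escaped : %s\n", escape_for_html($q));
    // Escaping a value that was already encoded changes what the user sees.
    printf("twice   : %s\n\n", escape_for_html(patch_as_posted($q)));
}
```

Because the patch writes the encoded value back with setVar(), any later code that escapes search_query again on output would display literal entities; whether SyntaxCMS templates do that is not stated in the post.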
