Update of /cvsroot/mantisbt/mantisbt/core
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv19935/core
Modified Files:
Tag: BRANCH_0_19_3
filter_api.php
Log Message:
fix for 0006420: Injection Vulnerabilities in Filters (TKADV2005-11-002)
Index: filter_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/filter_api.php,v
retrieving revision 1.64.2.1
retrieving revision 1.64.2.1.2.1
diff -u -d -r1.64.2.1 -r1.64.2.1.2.1
--- filter_api.php 25 Sep 2005 13:39:51 -0000 1.64.2.1
+++ filter_api.php 12 Dec 2005 03:00:05 -0000 1.64.2.1.2.1
@@ -961,7 +961,7 @@
if ( ( $t_current == 'any' ) || ( is_blank( $t_current ) ) ) {
$t_any_found = true;
} else {
-
$t_this_string = $t_current;
+
$t_this_string = string_display( $t_current );
}
if ( $t_first_flag != true ) {
$t_output = $t_output . '<br>';
@@ -1144,7 +1144,7 @@
if ( ( $t_current == 'any' ) || ( is_blank( $t_current ) ) ) {
$t_any_found = true;
} else {
-
$t_this_string = $t_current;
+
$t_this_string = string_display( $t_current );
}
if ( $t_first_flag != true ) {
$t_output = $t_output . '<br>';
@@ -1204,7 +1204,7 @@
if ( ( $t_current == 'any' ) || ( is_blank( $t_current ) ) ) {
$t_any_found = true;
} else {
-
$t_this_string = $t_current;
+
$t_this_string = string_display( $t_current );
}
if ( $t_first_flag != true ) {
$t_output = $t_output . '<br>';
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
|
