
Unverified Commit 47638a91 authored by Gary Allan's avatar Gary Allan

Bugfix: XSS (reflected) by invalid email address response

Reported by ZenalArifin
parent 1960bd24
......@@ -21,7 +21,7 @@ $User->check_user_session();
# verify each recipient
foreach (explode(",", $_POST['recipients']) as $rec) {
if(!filter_var(trim($rec), FILTER_VALIDATE_EMAIL)) {
$Result->show("danger", _("Invalid email address")." - ".$rec, true);
$Result->show("danger", _("Invalid email address")." - ".escape_input($rec), true);
}
}
# strip html tags
......
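Review bot: The escape on the new line is applied at the call site, so the fix holds only if `escape_input()` encodes for the HTML context in which `$Result->show()` renders the message; that helper is not in the hunk, so its behaviour is inferred rather than visible here. The same call-site pattern is repeated in the second hunk (the `$_POST['email']` loop), so any other place that reflects an unvalidated address back to the user needs the same treatment, and a comment at both sites such as `# $rec is reflected in the response: keep it HTML-escaped` would make that contract explicit. On the unchanged line above, `$_POST['recipients']` is read without an `isset()`/`??` guard, so a request without that field reaches `explode()` with null, whereas the second hunk checks `strlen($_POST['email'])>0` first; `foreach (explode(",", $_POST['recipients'] ?? '') as $rec) {` would make the two consistent. Validation uses `trim($rec)` but the message reflects the untrimmed value, which is harmless once escaped. The enclosing script continues outside the hunk.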
......@@ -27,7 +27,7 @@ if($_POST['validity']>date("Y-m-d H:i:s", strtotime("+ 7 days"))) { $Result->sho
# verify each recipient
if(strlen($_POST['email'])>0) {
foreach (explode(",", $_POST['email']) as $rec) {
if(!filter_var(trim($rec), FILTER_VALIDATE_EMAIL)) { $Result->show("danger", _("Invalid email address")." - ".$rec, true); }
if(!filter_var(trim($rec), FILTER_VALIDATE_EMAIL)) { $Result->show("danger", _("Invalid email address")." - ".escape_input($rec), true); }
}
}
......
......@@ -7,6 +7,7 @@
Security Fixes:
----------------------------
+ XSS (reflected) in 'bw-calulator-result.php';
+ XSS (reflected) by invalid email address response;
+ Restrict find_full_subnets.php to CLI;
== 1.5.0
......