From ecb93d8c1fd3bbde62aca9c3a13c32f077da2da8 Mon Sep 17 00:00:00 2001
From: Damien Regad <dregad@mantisbt.org>
Date: Mon, 29 Aug 2016 00:50:41 +0200
Subject: [PATCH] Tests: fix XSS vulnerability
This issue was reported by JPCERT Coordination Center (JPCERT/CC) with
reference JVN#48237713.
The root cause is a foreach loop processing all GET parameters and
blindly assigning them to variables, allowing an attacker to
replace contents of global variables.
This limits variable processing using a regex matching those used in
testdatabases.inc.php (i.e. beginning with 'test' or 'no').
Fixes #274
---
tests/test.php | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/tests/test.php b/tests/test.php
index f3991ff..382dd3e 100644
--- a/tests/test.php
+++ b/tests/test.php
@@ -1741,8 +1741,11 @@ function adodb_test_err($dbms, $fn, $errno, $errmsg, $p1=false, $p2=false)
foreach($_GET as $k=>$v) {
- //global $$k;
- $$k = $v;
+ // XSS protection (see Github issue #274) - only set variables for
+ // expected get parameters used in testdatabases.inc.php
+ if(preg_match('/^(test|no)\w+$/', $k)) {
+ $$k = $v;
+ }
}
?>
distrib
>
Mageia
>
5
>
i586
>
media
>
core-updates-src
>
by-pkgid
>
b2d0254c8d0cd9eaac3ec9557f495108
>
files
>
2
