Links & resources urls are unsanitised
Bug #1009774 reported by Richard Mansfield
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Mahara | Fix Released | High | Melissa Draper | |
Bug Description
Discovered by Emanuel Bronshtein. Present in all versions, requires an admin account.
Configure site -> Menus -> Add External Link:
http://
Add new Link:
Name: XSS
Linked to: javascript:
click "Add".
...
fix: Allow only whitelisted protocols (http,https,
The sanitize_url function should be used for this.
security vulnerability: no → yes
Using sanitize_url() fixes the problem, but breaks links if used as-is, because it removes anything without an explicit protocol, or anything not in (http, https, ftp).
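The fix proposed in the description (allow only an explicit list of protocols) and the comment above (a sanitizer that drops every link without an explicit protocol breaks relative menu links) pull in opposite directions. The following is an added example, written for this page and not Mahara's own sanitize_url(), of a URL check that reconciles the two: absolute URLs are accepted only when their scheme is in an allow-list, scheme-less (relative) links are kept, and everything else, javascript: included, is rejected. The allow-list (http, https, ftp) is taken from the report; the function names, the control-character stripping and the sample inputs are assumptions made here.

```python
import re
from urllib.parse import urlsplit

# Schemes an admin may use in a site menu link. Assumption: the list the
# bug report names (http, https, ftp); a deployment can pass its own.
ALLOWED_SCHEMES = frozenset({"http", "https", "ftp"})

# Browsers drop ASCII tab/newline inside a URL and leading control
# characters before resolving it, so "java\tscript:" reaches the engine
# as "javascript:". Remove them first so the scheme check sees what the
# browser would see.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def sanitize_url(url, allowed_schemes=ALLOWED_SCHEMES):
    """Return `url` (trimmed) if it is safe to store as a link, else None.

    Accepted:
      * absolute URLs whose scheme is in `allowed_schemes`
      * scheme-less URLs ("/artefact/file/", "//host/path"), which resolve
        relative to the page and therefore inherit its http/https scheme;
        this is the case the comment says a strict sanitizer breaks
    Rejected:
      * any other scheme: javascript:, data:, vbscript:, ...
      * empty input or input that is not a string
    """
    if not isinstance(url, str):
        return None
    cleaned = _CONTROL_CHARS.sub("", url).strip()
    if not cleaned:
        return None
    parts = urlsplit(cleaned)
    # urlsplit lower-cases the scheme, so "JavaScript:" is caught too.
    if parts.scheme == "":
        return cleaned            # relative link: no protocol to abuse
    if parts.scheme in allowed_schemes:
        return cleaned
    return None                   # javascript:, data:, vbscript:, ...


def validate_menu_link(name, linked_to):
    """Server-side check for the "Add new Link" form: returns the record
    to store, or raises ValueError so the form can show an error instead
    of silently saving an unsafe href."""
    safe = sanitize_url(linked_to)
    if safe is None:
        raise ValueError(f"link {name!r}: URL scheme not allowed: {linked_to!r}")
    return {"name": name, "url": safe}


def check_samples():
    """Run the sanitizer over constructed inputs (not from the report) and
    return {input: result} so the behaviour can be inspected or asserted."""
    samples = [
        "http://example.com/",               # allowed scheme
        "/artefact/file/index.php",          # relative: kept, not dropped
        "javascript:alert(1)",               # the bug's payload shape
        "JavaScript:alert(1)",               # case variation
        " javascript:alert(1)",              # leading whitespace
        "java\tscript:alert(1)",             # tab inside the scheme
        "data:text/html,<h1>x</h1>",         # another unsafe scheme
        "",                                  # empty field
    ]
    return {s: sanitize_url(s) for s in samples}


if __name__ == "__main__":
    for url, result in check_samples().items():
        print(f"{url!r:32} -> {result!r}")
```

The key design choice is to decide on the parsed scheme rather than on a substring match: a blocklist of "javascript:" misses case changes, embedded tabs and other schemes such as data:, while an allow-list on the parsed scheme rejects all of them and still lets a scheme-less relative path through.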