Fix XSS in search page

Dmitry Ivanov [d1m0ck](https://twitter.com/d1m0ck) reported[*1] a security vulnerability in the Source Integration plugin's search results page, allowing an attacker to inject arbitrary HTML or javascript code (the latter, only if MantisBT's default CSP are disabled). Proper escaping of the permalink resolves the issue. Fixes #205 [*1]: http://openbugbounty.org/incidents/218993/
mantisbt-plugins · Mar 16, 2017 · b014da5 · b014da5
1 parent f4b67d7
commit b014da5
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/Source/pages/search.php b/Source/pages/search.php
@@ -37,10 +37,10 @@
 				<div class="table-responsive">
 
 					<div class="widget-toolbox padding-8 clearfix">
-						<a class="btn btn-xs btn-primary btn-white btn-round" href="<?php echo plugin_page( 'search' ) . $t_permalink ?>">
+						<a class="btn btn-xs btn-primary btn-white btn-round" href="<?php echo plugin_page( 'search' ) . string_attribute( $t_permalink ) ?>">
 							<?php echo plugin_lang_get( 'permalink' ) ?>
 						</a>
-						<a class="btn btn-xs btn-primary btn-white btn-round" href="<?php echo plugin_page( 'search_page' ) . $t_permalink ?>">
+						<a class="btn btn-xs btn-primary btn-white btn-round" href="<?php echo plugin_page( 'search_page' ) . string_attribute( $t_permalink ) ?>">
 							<?php echo plugin_lang_get( 'modify_search' ) ?>
 						</a>
 						<a class="btn btn-xs btn-primary btn-white btn-round" href="<?php echo plugin_page( 'search_page' ) ?>">