Gossamer Forum: Gossamer Threads Inc.: Official Bug Fixes: Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability (eljot)

Gossamer Threads

Home : Gossamer Threads Inc. : Official Bug Fixes :

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability

May 5, 2008, 11:43 PM

eljot

User (200 posts)

May 5, 2008, 11:43 PM

Shortcut

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability In reply to

brewt wrote:

If your directory does not allow html in any link info (eg. link descriptions, reviews, etc) then you can not modify your templates and just add an option to GT::Template to html escape all variables. To do this, edit admin/Links.pm (it's on a different line depending on the version you have installed) in "sub user_page", before it calls GT::Template->parse(...), add the following line:

Code:
$opts->{escape} = 1;

And what can I do if I use html?
I am using Links SQL 2.1.2 and would not like to
update to Links 3.

Best regards from
Bremen/Germany

Lothar

Subject	Author	Views	Date
[Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	brewt	60671	Apr 21, 2005, 2:03 PM

Post deleted by Alba	Alba	59648	Apr 22, 2005, 3:01 AM

Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	Andy	59618	Apr 22, 2005, 3:17 AM

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	pugdog	59614	Apr 22, 2005, 6:55 AM

Re: [pugdog] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	brewt	59604	Apr 22, 2005, 12:32 PM

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	Alba	59561	Apr 26, 2005, 7:34 AM

Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	brewt	59534	Apr 26, 2005, 4:28 PM

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	Alba	59532	Apr 27, 2005, 1:03 AM

Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	brewt	59586	Apr 27, 2005, 1:08 AM

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	pugdog	59510	Apr 27, 2005, 6:46 AM

Re: [pugdog] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	brewt	59527	Apr 27, 2005, 11:13 AM

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	webmaster33	59490	Apr 28, 2005, 5:18 AM

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	eljot	55279	May 5, 2008, 11:43 PM

Re: [eljot] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	brewt	55205	May 5, 2008, 11:59 PM

Gossamer Threads is a Vancouver-based company with over 28 years experience in web technology. From development to hosting, we partner with leading organizations around the globe and help to build their web presences, strategies and infrastructures.

Let’s talk: 1-877-715-7676