Gossamer Forum: Gossamer Threads Inc.: Official Bug Fixes: Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability (eljot)

Gossamer Threads

Home : Gossamer Threads Inc. : Official Bug Fixes :

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability

May 5, 2008, 11:43 PM

eljot

User (200 posts)

May 5, 2008, 11:43 PM

Shortcut

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability In reply to

brewt wrote:

If your directory does not allow html in any link info (eg. link descriptions, reviews, etc) then you can not modify your templates and just add an option to GT::Template to html escape all variables. To do this, edit admin/Links.pm (it's on a different line depending on the version you have installed) in "sub user_page", before it calls GT::Template->parse(...), add the following line:

Code:
$opts->{escape} = 1;

And what can I do if I use html?
I am using Links SQL 2.1.2 and would not like to
update to Links 3.

Best regards from
Bremen/Germany

Lothar

Subject	Author	Views	Date
[Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	brewt	60725	Apr 21, 2005, 2:03 PM

Post deleted by Alba	Alba	59703	Apr 22, 2005, 3:01 AM

Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	Andy	59672	Apr 22, 2005, 3:17 AM

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	pugdog	59669	Apr 22, 2005, 6:55 AM

Re: [pugdog] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	brewt	59658	Apr 22, 2005, 12:32 PM

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	Alba	59616	Apr 26, 2005, 7:34 AM

Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	brewt	59588	Apr 26, 2005, 4:28 PM

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	Alba	59587	Apr 27, 2005, 1:03 AM

Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	brewt	59642	Apr 27, 2005, 1:08 AM

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	pugdog	59565	Apr 27, 2005, 6:46 AM

Re: [pugdog] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	brewt	59582	Apr 27, 2005, 11:13 AM

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	webmaster33	59545	Apr 28, 2005, 5:18 AM

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	eljot	55334	May 5, 2008, 11:43 PM

Re: [eljot] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	brewt	55260	May 5, 2008, 11:59 PM

Gossamer Threads is a Vancouver-based company with over 28 years experience in web technology. From development to hosting, we partner with leading organizations around the globe and help to build their web presences, strategies and infrastructures.

Let’s talk: 1-877-715-7676