Gossamer Forum: Gossamer Threads Inc.: Official Bug Fixes: Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability (eljot)

Gossamer Threads

Home : Gossamer Threads Inc. : Official Bug Fixes :

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability

May 5, 2008, 11:43 PM

eljot

User (200 posts)

May 5, 2008, 11:43 PM

Shortcut

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability In reply to

brewt wrote:

If your directory does not allow html in any link info (eg. link descriptions, reviews, etc) then you can not modify your templates and just add an option to GT::Template to html escape all variables. To do this, edit admin/Links.pm (it's on a different line depending on the version you have installed) in "sub user_page", before it calls GT::Template->parse(...), add the following line:

Code:
$opts->{escape} = 1;

And what can I do if I use html?
I am using Links SQL 2.1.2 and would not like to
update to Links 3.

Best regards from
Bremen/Germany

Lothar

Subject	Author	Views	Date
[Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	brewt	61176	Apr 21, 2005, 2:03 PM

Post deleted by Alba	Alba	60152	Apr 22, 2005, 3:01 AM

Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	Andy	60121	Apr 22, 2005, 3:17 AM

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	pugdog	60119	Apr 22, 2005, 6:55 AM

Re: [pugdog] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	brewt	60108	Apr 22, 2005, 12:32 PM

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	Alba	60066	Apr 26, 2005, 7:34 AM

Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	brewt	60038	Apr 26, 2005, 4:28 PM

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	Alba	60035	Apr 27, 2005, 1:03 AM

Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	brewt	60089	Apr 27, 2005, 1:08 AM

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	pugdog	60015	Apr 27, 2005, 6:46 AM

Re: [pugdog] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	brewt	60032	Apr 27, 2005, 11:13 AM

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	webmaster33	59991	Apr 28, 2005, 5:18 AM

Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	eljot	55783	May 5, 2008, 11:43 PM

Re: [eljot] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability	brewt	55707	May 5, 2008, 11:59 PM

Gossamer Threads is a Vancouver-based company with over 28 years experience in web technology. From development to hosting, we partner with leading organizations around the globe and help to build their web presences, strategies and infrastructures.

Let’s talk: 1-877-715-7676