s3 swat: Fix possible XSS attack (bug #8289)
author Kai Blin <kai@samba.org>
Thu, 7 Jul 2011 08:03:33 +0000 (10:03 +0200)
committer Karolin Seeger <kseeger@samba.org>
Tue, 26 Jul 2011 19:15:06 +0000 (21:15 +0200)
commit d88744f460a2a65d4e0cfb6c944f90f09e15d3b4
tree a974906b5bcc0c9e203f32c2ae72e88a6a423997
parent d7242cb7fcfca687a4b9c20c4084c74b12fc5aad
s3 swat: Fix possible XSS attack (bug #8289)

Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.

This patch fixes the reflection issue by not printing user-specified content on
the website anymore.

Signed-off-by: Kai Blin <kai@samba.org>
source3/web/swat.c