CMS MADE SIMPLE FORGE

LISE

 

[#12534] URL parameter clean not being done - subject to injection attacks

Created By: Phil Scoltock (mantapro)
Date Submitted: Tue Mar 29 00:37:06 -0400 2022

Assigned To:
Version: 1.4.2
CMSMS Version: 2.2.16
Severity: Major
Resolution: None
State: Open
Summary:
URL parameter clean not being done - subject to injection attacks
Detailed Description:
 /LISE/lib/class.LISEInstance.php

In the "public function InitializeFrontend()" line 178 the template_detail
parameter is missing; instead it has this, which may be out of date (or at least
isn't mentioned in the Admin Help docs):

    $this->SetParameterType('detailtemplate',               CLEAN_STRING);

So this needs to be added:

    $this->SetParameterType('template_detail',               CLEAN_STRING);
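
An added example (not part of the report and not LISE code): a Python check for this class of bug that lists parameters a module reads from `$params[...]` without a matching `SetParameterType` call. The `$params['name']` access pattern, the file names and the sample source are assumptions constructed for illustration, and only registrations with a literal parameter name are matched.

```python
import re

# Registrations with a literal name: $this->SetParameterType('name', CLEAN_*)
REGISTERED = re.compile(r"SetParameterType\(\s*['\"]([A-Za-z0-9_]+)['\"]\s*,")
# Reads of request parameters in module code: $params['name'] (assumed convention)
USED = re.compile(r"\$params\[\s*['\"]([A-Za-z0-9_]+)['\"]\s*\]")


def unregistered_params(sources):
    """sources maps file path -> PHP source text.

    Returns {param_name: [paths]} for every parameter that is read via
    $params[...] somewhere but never passed to SetParameterType anywhere.
    """
    registered = set()
    used = {}
    for path, text in sources.items():
        registered.update(REGISTERED.findall(text))
        for name in USED.findall(text):
            used.setdefault(name, set()).add(path)
    return {n: sorted(p) for n, p in sorted(used.items()) if n not in registered}


# Constructed sample input, not the module's real source. It mirrors the
# situation in the report: 'detailtemplate' is registered, 'template_detail'
# is what the (hypothetical) action file actually reads.
SAMPLE = {
    "lib/class.ExampleInstance.php": """
        public function InitializeFrontend() {
            $this->SetParameterType('detailtemplate', CLEAN_STRING);
            $this->SetParameterType('pagelimit', CLEAN_INT);
        }
    """,
    "action.default.php": """
        $tpl = isset($params['template_detail']) ? $params['template_detail'] : '';
        $limit = (int) $params['pagelimit'];
    """,
}

if __name__ == "__main__":
    for name, paths in unregistered_params(SAMPLE).items():
        print(f"{name}: read in {', '.join(paths)} but never registered")
```

To audit a real module, build the `sources` dict from the module's `.php` files; names registered but never read (such as `detailtemplate` in the sample) are not reported.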

