Thursday, 07 October 2010 16:47
The guys over at YGN posted a video today of a 0-day Joomla! 1.5.20 XSS flaw. I've taken a look and have a quick fix that should prevent exploitation.
The flaw is in libraries/joomla/document/html/html.php, line 127:
function addHeadLink($href, $relation, $relType = 'rel', $attribs = array()) { $attribs = JArrayHelper::toString($attribs); $generatedTag = '<link href="'.$href.'" '.$relType.'="'.$relation.'" '.$attribs; $this->_links[] = $generatedTag; }
Here's the (admittedly dirty) fix:
function addHeadLink($href, $relation, $relType = 'rel', $attribs = array()) { $attribs = JArrayHelper::toString($attribs); $generatedTag = '<link href="'.htmlspecialchars(html_entity_decode($href)).'" '.$relType.'="'.$relation.'" '.$attribs; $this->_links[] = $generatedTag; }
UPDATE: Thanks fw116 at the Joomla! forums for pointing out I had the wrong file path!
Last Updated on Thursday, 07 October 2010 22:04
Add your comment
Featured Extensions
$5.00
FREE You Save: $5.00 |
$10.00
FREE You Save: $10.00 |
$3.00
FREE You Save: $3.00 |
$1.00
FREE You Save: $1.00 |
Latest Articles
Most Popular
The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.
Cart
Your Cart is currently empty.
Keywords
Template Info
-
Name
Circles -
Creation Date
06/28/09 -
Author
Jeff Channell -
Author Email
me@jeffchannell.com -
Author URL
http://jeffchannell.com -
Version
0.0.2 -
Description
Circles