Overview

File mono-web-xss-CVE-2012-3382.patch of Package mono-core

--- mono-2.6.7/mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.xxx	2012-07-13 11:17:23.000000000 +0200
+++ mono-2.6.7/mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs	2012-07-13 11:17:37.000000000 +0200
@@ -42,7 +42,7 @@
 				
 			throw new HttpException (403,
 						 "This type of page is not served.",
-						 req != null ? req.Path : null,
+						 req != null ? HttpUtility.HtmlEncode (req.Path) : null,
 						 description);
 		}
openSUSE Build Service is sponsored by
Places