[CRM-18401] Not all values passed through via relationships ajax page are sanitised - CiviCRM Issue Tracker

Details

Type: Bug
Status: Done/Fixed
Priority: Major
Resolution: Duplicate
Affects Version/s: 4.7.5
Fix Version/s: None
Component/s: Core CiviCRM
Labels:
- PatchSubmitted

Documentation Required?:
None
Funding Source:
Contributed Code

Description

It would appear that looking at the code in CRM/Contact/Page/Ajax.php that we are mixing in both unsanitised $_GET params and the sanitised versions..

This to me could be a recipie for problems. It also is apparent that not all of the $_GET paramaters that are manipulated get sanitised as they are manipulated.

Attachments

Issue Links

links to

PR: civicrm-core#8126: CRM-18401 Ensure as far as possible Params on Ajax pages are sanitised

Activity

People

Assignee:

Unassigned

Reporter:

Seamus Lee

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2016-04-12 21:19

Updated:

2016-04-16 3:30

Resolved:

2016-04-16 3:30