[CRM-19522] HTML injection is not handled during the multi value import - CiviCRM Issue Tracker

Details

Type: Bug
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: 4.6.10
Fix Version/s: None
Component/s: None
Labels:
None

Versioning Impact:
Patch (backwards-compatible bug fixes)
Documentation Required?:
None
Funding Source:
Contributed Code

Description

1. Create simple custom files with "Alphanumeric" type of field (Custom Filed->Student->Select "Alphanumeric" type)
2. Navigate to the Import Multi value page and upload 'csv' with ID and HTML injection value (ex: 128, <h1>test</h1>)
3. Try to import value

Actual Result:

HTML injection is handled and displayed in "bold"
Import is failed with following error (See attachment)

In case of continuing following exception appeared

 Strict warning: Declaration of CRM_Custom_Import_Parser::run() should be compatible with CRM_Contact_Import_Parser::run($tableName, &$mapper, $mode = self::MODE_PREVIEW, $contactType = self::CONTACT_INDIVIDUAL, $primaryKeyName = '_id', $statusFieldName = '_status', $onDuplicate = self::DUPLICATE_SKIP, $statusID = NULL, $totalRowCount = NULL, $doGeocodeAddress = false, $timeout = CRM_Contact_Import_Parser::DEFAULT_TIMEOUT, $contactSubType = NULL, $dedupeRuleGroupID = NULL) in require_once() (line 35 of /var/www/sites/all/modules/custom/civicrm/CRM/Custom/Import/Parser.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1166 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1177 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1192 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1193 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1195 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1200 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1200 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1200 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1222 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1222 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1234 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1247 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1166 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1177 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1192 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1193 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1195 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1200 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1200 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1200 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1222 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1222 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1234 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).
Notice: Undefined offset: 20 in CRM_Contact_Import_Parser_Contact::isErrorInCustomData() (line 1247 of /var/www/sites/all/modules/custom/civicrm/CRM/Contact/Import/Parser/Contact.php).

Expected Result:

HTML injection is handled as String
Import performed without errors

HTML injection is not handled during the multi value import

Details

Description

Attachments

Activity

People

Dates