CiviCRM issue CRM-5667

Fix potential XSS vulnerabilities related to adjacent fields

    Details

    • Type: Bug
    • Status: Done/Fixed
    • Priority: Critical
    • Resolution: Fixed/Completed
    • Affects Version/s: 3.1
    • Fix Version/s: 3.1
    • Component/s: Core CiviCRM
    • Labels:
      None

      Description

      Apply htmlspecialchars encoding before saving all field values EXCEPT for an explicitly listed set of fields where we need to support HTML tags. These special case fields are only accessible to authenticated admin users.

      Primary commit for this is:
      http://fisheye2.atlassian.com/changelog/~br=v3.1,author=kurund/CiviCRM/?cs=25788
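As an added example (not CiviCRM's code and not taken from the linked commit), the encode-on-save rule described above in plain PHP: every string field is passed through htmlspecialchars before it is saved, except an allowlist of HTML-bearing fields, which keep raw HTML only when the caller is an admin. The field names, the $isAdmin flag and the sample input are assumptions made for the illustration.

```php
<?php
// Added example, not CiviCRM's own code: encode-on-save with an allowlist of
// fields permitted to carry HTML, as the issue describes. The field names,
// the $isAdmin flag and the sample input are constructed for illustration;
// CiviCRM's real field names and permission checks differ.

// Fields that may legitimately contain HTML. Only admin users may write raw
// HTML to them; for any other caller they are encoded like everything else.
const HTML_ALLOWED_FIELDS = ['message_html', 'footer_html'];

/**
 * Return a copy of $values with every string field HTML-encoded except the
 * allowlisted fields, and those only when the caller is an admin.
 */
function encodeFieldsBeforeSave(array $values, bool $isAdmin): array
{
    $out = [];
    foreach ($values as $field => $value) {
        if (!is_string($value)) {            // ids, flags, nulls pass through
            $out[$field] = $value;
            continue;
        }
        $allowHtml = $isAdmin && in_array($field, HTML_ALLOWED_FIELDS, true);
        // ENT_QUOTES also encodes single quotes, so stored values are safe in
        // attributes quoted either way; double_encode=false keeps an already
        // stored &amp; from becoming &amp;amp; when the record is re-saved.
        $out[$field] = $allowHtml
            ? $value
            : htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    }
    return $out;
}

// Constructed sample: a name carrying a script tag, an admin-only HTML field
// and a numeric id.
$input = [
    'display_name' => "O'Brien <script>alert(1)</script>",
    'footer_html'  => '<p>Contact us</p>',
    'contact_id'   => 42,
];

foreach ([false, true] as $isAdmin) {
    echo $isAdmin ? "admin:\n" : "non-admin:\n";
    foreach (encodeFieldsBeforeSave($input, $isAdmin) as $field => $value) {
        echo "  $field => $value\n";
    }
}
```

Because values are stored already encoded, any output path other than HTML (CSV export, JSON API, plain-text email) will see the entities and must decode them, which is the main trade-off of encoding on save rather than on output.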


            People

            • Assignee: Kurund Jalmi (kurund)
            • Reporter: David Greenberg (dgg)
            • Votes: 0
            • Watchers: 1
