Description of a skin should be html escaped
Bug #1373170 reported by
Son Nguyen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
High
|
Son Nguyen | ||
1.10 |
Fix Released
|
High
|
Son Nguyen | ||
1.8 |
Fix Released
|
High
|
Unassigned | ||
1.9 |
Fix Released
|
High
|
Son Nguyen |
Bug Description
Version: master (1.10), 1.9
Platform, browser: any
The skin description displayed in the pop-up window when click the 'i' button in the page htdocs/
See the attached file
CVE References
Changed in mahara: | |
assignee: | nobody → Son Nguyen (ngson2000) |
status: | Confirmed → In Progress |
Changed in mahara: | |
status: | In Progress → Fix Committed |
milestone: | none → 1.10.0 |
information type: | Public → Public Security |
no longer affects: | mahara/1.11 |
Changed in mahara: | |
milestone: | 1.10.0 → none |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Patch for "master" branch: https:/ /reviews. mahara. org/3715