Webservice test client / elasticsearch not escaping returned dumped values to screen
Bug #1719480 reported by
Robert Lyon
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
High
|
Robert Lyon | ||
15.04 |
Fix Released
|
High
|
Unassigned | ||
16.04 |
Fix Released
|
High
|
Unassigned | ||
16.10 |
Fix Released
|
High
|
Unassigned | ||
17.04 |
Fix Released
|
High
|
Unassigned | ||
17.10 |
Fix Released
|
High
|
Robert Lyon |
Bug Description
Similar problem to Bug 1719472
where we have a user with display name set to '<script>
When fetching this user via webservices the test client displays the output to screen without escaping it
summary: |
- Webservice test client not escaping returned dumped values to screen + Webservice test client / elasticsearch not escaping returned dumped + values to screen |
information type: | Private Security → Public Security |
To post a comment you must log in.
Patch for this is https:/ /reviews. mahara. org/#/c/ 8055/