Project

General

Profile

Actions
Copy link

Bug #5876

closed

system_gateway_groups_edit.php: Gateway description is printed without escaping

Added by Jim Pingle over 9 years ago. Updated over 8 years ago.

Status:
Resolved
Priority:
Urgent
Assignee:
Jim Pingle
Category:
Gateways
Target version:
-
Start date:
02/10/2016
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2.5
Affected Architecture:

Description

On system_gateway_groups_edit.php, if a gateway has a description using a string containing JS, it will show up here and be executed. The description needs escaping before display.

Fix is ready, will commit momentarily. Only affects 2.2.x, 2.3 does not exhibit the behavior.

Actions
Copy link
 #1

Updated by Jim Pingle over 9 years ago

  • Status changed from Assigned to Feedback
  • % Done changed from 0 to 100
Actions
Copy link
 #2

Updated by Jim Pingle over 9 years ago

  • Status changed from Feedback to Resolved

Additional feedback from the original reporter confirms the internal testing results that this has been fixed.

Actions
Copy link
 #3

Updated by Jim Pingle over 8 years ago

  • Private changed from Yes to No
Actions
Copy link

Also available in: Atom PDF