Romain Quetiez 1ebafb0566 XSS: Fixed a regression caused by the fix [3994]. Object hyperlinks were escaped twice causing accuented characters displayed as '´'. The API DBObject::MakeHyperLink has been clarified and the original fix moved elsewhere. The XSS injection that was not handled correctly prior to [3994] was in the display of an external key in the details of an object. To reproduce easily, inject some malicious characters in the name of the organization 'Demo' and view any object owned by Demo. ...

SVN:trunk[4106]

2016-05-19 09:51:09 +00:00

107 KiB

Raw Blame History

View Raw