Reviewed: https://reviews.mahara.org/8088 Committed: https://git.mahara.org/mahara/mahara/commit/5f0016db8106342a2d2305fd278dfb109a54cc5f Submitter: Robert Lyon ([email protected]) Branch: master
commit 5f0016db8106342a2d2305fd278dfb109a54cc5f Author: Cecilia Vela Gurovic <[email protected]> Date: Wed Oct 4 14:25:23 2017 +1300 Bug 1720269: old_raw patches for bugs: (create/edit views) Bug 1718806 Bug 1718538 Bug 1707076 Bug 1693061 Bug 1692759 Bug 1692758 Bug 1690267 Bug 1668888 Bug 1693062 Bug 1688416 Bug 1677087 behatnotneeded Change-Id: I467b2640a579ea93f8a1206d6d33ab54f1634751 -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1707076 Title: Skin title not escaped in page settings form Status in Mahara: Fix Committed Status in Mahara 16.04 series: Fix Released Status in Mahara 16.10 series: Fix Released Status in Mahara 17.04 series: Fix Released Status in Mahara 17.10 series: Fix Committed Bug description: When testing https://bugs.launchpad.net/mahara/+bug/1706536 I noticed there was a problem on the page settings form where skin title was not being escaped. To test: 1) Set up a skin with the title: It's all <script>alert(1);</script>good! 2a) If the patch for bug 1706536 is in play it should show the title as inputed but not execute the js 2b) If the patch for bug 1706536 is not present it should show the title with special characters escaped but not execute the js 3) Go to pages and collections and edit a page 4) Click on settings You get an alert box with '1' in it The title for the skin needs to be escaped/made safe To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1707076/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
