#6134: Paginator helper has XSS problem
---------------------------+------------------------------------------------
    Reporter:  ichikaway   |         Owner:  mark_story
        Type:  Bug         |        Status:  closed    
    Priority:  High        |     Milestone:  1.2.x.x   
   Component:  Helpers     |       Version:  1.2 Final 
    Severity:  Major       |    Resolution:  fixed     
    Keywords:              |   Php_version:  n/a       
Cake_version:  1.2.1.8004  |  
---------------------------+------------------------------------------------
Comment (by ichikaway):

 Frank

 Thank you for adding important information for reproduction.

 Mark_story
 Thank you for providing the patch.
 I confirmed this problem is solved by this patch.

 Furthermore, this patch provides HTML escaping of the URL.
 If we forget to urlencode the $paginator->options[url] value, we can avoid XSS
 problems.
 I'm very happy, thanks.

-- 
Ticket URL: <https://trac.cakephp.org/ticket/6134#comment:8>
CakePHP : The Rapid Development Framework for PHP <https://trac.cakephp.org/>
Cake is a rapid development framework for PHP which uses commonly known design 
patterns like ActiveRecord, Association Data Mapping, Front Controller and MVC. 
Our primary goal is to provide a structured framework that enables PHP users at 
all levels to rapidly develop robust web applications, without any loss to 
flexibility.