Commit

Fixed issue [security] #16019: Stored XSS in survey groups. (Thanks to Matthew Aberegg and Michael Burkey)

Dev: admin view to be fixed
Dev: not shown in public : no need XSS filtering
Shnoulle committed Mar 23, 2020
1 parent c76ae7b commit 04b118a
Showing 2 changed files with 1 addition and 2 deletions.
1 change: 0 additions & 1 deletion application/models/SurveysGroups.php
Expand Up @@ -41,7 +41,6 @@ public function rules()
array('name', 'match', 'pattern'=> '/^[A-Za-z0-9_\.]+$/u','message'=> gT('Group name can contain only alphanumeric character, underscore or dot.')),
array('title', 'length', 'max'=>100),
array('description, created, modified', 'safe'),
array('title, name, description', 'LSYii_Validators'),
// The following rule is used by search().
// @todo Please remove those attributes that should not be searched.
array('gsid, name, title, description, owner_id, parent_id, created, modified, created_by', 'safe', 'on'=>'search'),
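Review bot: dropping the `LSYii_Validators` rule for `title, name, description` in rules() leaves `description` with only the `safe` rule and `title` with only the length limit, so both are now stored as submitted, while this commit adds output encoding for `$model->title` in a single view. Every other view that prints a group's title or description should be checked and encoded the same way (`CHtml::encode(...)`, as in surveySettings.php), and a short comment in rules() should record that these attributes are intentionally unfiltered and must be escaped on output. `name` is still constrained by the `match` pattern above, so it is not affected.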
2 changes: 1 addition & 1 deletion application/views/admin/surveysgroups/surveySettings.php
Expand Up @@ -31,7 +31,7 @@
)
)
)); ?>
<h3><?php eT('Survey settings for group: '); echo '<strong><em>'.$model->title.'</strong></em>'; ?></h3>
<h3><?php eT('Survey settings for group: '); echo '<strong><em>'.CHtml::encode($model->title).'</strong></em>'; ?></h3>
<div class="row">
<div id="surveySettingsForThisGroup" style="display: flex; flex-wrap:nowrap;">
<div id="global-sidebar-container">
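Review bot: the rewritten `<h3>` line still closes its tags in the wrong order (`</strong></em>` after opening `<strong><em>`); since the line is being touched anyway, close them as `</em></strong>`. The `CHtml::encode($model->title)` call itself is the right escaping for this context, because the title is written into HTML element content. If `$model->description` or other group attributes are echoed further down in this view, they need the same treatment now that the model no longer filters them.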
