Fixed issue [security] #16019: Stored Cross Site Scripting Vulnerabil…

…ity in survey groups. (Thanks to Matthew Aberegg and Michael Burkey)
LimeSurvey · Mar 23, 2020 · 6691895 · 6691895 · Shnoulle · Mar 23, 2020
1 parent 2c60503
commit 6691895
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/application/models/SurveysGroups.php b/application/models/SurveysGroups.php
@@ -41,6 +41,7 @@ public function rules()
             array('name', 'match', 'pattern'=> '/^[A-Za-z0-9_\.]+$/u','message'=> gT('Group name can contain only alphanumeric character, underscore or dot.')),
             array('title', 'length', 'max'=>100),
             array('description, created, modified', 'safe'),
+            array('title, name, description', 'LSYii_Validators'),
             // The following rule is used by search().
             // @todo Please remove those attributes that should not be searched.
             array('gsid, name, title, description, owner_id, parent_id, created, modified, created_by', 'safe', 'on'=>'search'),