Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This mitigates an issue discovered by Matthew Aberegg where the Name field for Saved Searches can be exploited via XSS to execute code. This sanitizes the `$_POST['queue-name']` variable via `Format::htmlchars()` so we are safe from any XSS attempts on creations and updates. All other Saved Search content is parsed/sanitized correctly.
- Loading branch information