Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed issue: HTML tags are not allowed for admins in participant attributes #2627

Merged
merged 2 commits into from Oct 26, 2022
Merged

Fixed issue: HTML tags are not allowed for admins in participant attributes #2627

merged 2 commits into from Oct 26, 2022

Conversation

Shnoulle
Copy link
Collaborator

Dev: rules for register: sanitize
Dev: XSS filter for admin

@Shnoulle
Fixed issue : allow tag for admin in token attributes
d51698b 
Dev: rules for register: sanitize
Dev: XSS filter for admin
@c-schmitz c-schmitz changed the title Fixed issue : allow tag for admin in token attributes Fixed issue: Tags are not allowed for admins in participant attributes Sep 27, 2022
@c-schmitz c-schmitz added Code review done Version checked for code issue without testing and removed Needs update by author Needs code review labels Sep 27, 2022
@Shnoulle
Copy link
Collaborator Author

Remind 3.X version : #2626

@c-schmitz c-schmitz changed the title Fixed issue: Tags are not allowed for admins in participant attributes Fixed issue: HTML tags are not allowed for admins in participant attributes Oct 5, 2022
@Shnoulle Shnoulle added the Test failed Someone tested the PR and it did not work as expected. Please check out the comments. label Oct 21, 2022
@Shnoulle
Copy link
Collaborator Author

Test failed on remote_control

@Shnoulle
Copy link
Collaborator Author

test failed on

  1. Remote control
  2. CPDB

Thanks to @gabrieljenik for testing :)

@Shnoulle
Copy link
Collaborator Author

Tested : no issue in remote_control or CPDB …

@gabrieljenik can you explain your issue ?

@Shnoulle Shnoulle removed the Test failed Someone tested the PR and it did not work as expected. Please check out the comments. label Oct 25, 2022
@gabrieljenik
Copy link
Collaborator

@gabrieljenik can you explain your issue ?

  • Non superadmin
  • Enter a participant in CPDB which contains tags (Ex: ) in the first name
  • Copy the participant to a survey
  • The tag in the participant was removed.
  • Same participant, different First Name in survey vs CPDB.

@Shnoulle
Copy link
Collaborator Author

Shnoulle commented Oct 25, 2022
edited

The tag in the participant was removed.

Always for firtsname and lastname … when edit too …

Tag allowed only on attribute_X

@Shnoulle
Copy link
Collaborator Author

CPDB issue are clearly another issue …

@c-schmitz c-schmitz added Tested OK This PR has been tested by QA and works as expected and removed Needs testing labels Oct 26, 2022
@c-schmitz c-schmitz merged commit a7e9ff1 into LimeSurvey:master Oct 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@c-schmitz c-schmitz c-schmitz approved these changes

@gabrieljenik gabrieljenik Awaiting requested review from gabrieljenik

Assignees
No one assigned
Labels
Code review done Version checked for code issue without testing Tested OK This PR has been tested by QA and works as expected
Projects
None yet
Milestone
No milestone
3 participants
@Shnoulle @gabrieljenik @c-schmitz