Back porting of security patches #3197

Merged: 5 commits merged on Jun 15, 2022

SchrodingersGat commented Jun 15, 2022

* Enforce file download for attachments table(s)

* Enforce file download for attachment in 'StockItemTestResult' table

(cherry picked from commit 76aa3a7)

* Enable HTML escaping for all tables by default

* Enable HTML escaping for all tables by default

* Adds automatic escaping for bootstrap tables where custom formatter function is specified

- Intercept the row data *before* it is provided to the renderer function
- Adds a function for sanitizing nested data structure

* Sanitize form data before processing

(cherry picked from commit cd418d6)

SchrodingersGat added the security label (Relates to a security issue) Jun 15, 2022
SchrodingersGat added this to the 0.7.2 milestone Jun 15, 2022
SchrodingersGat merged commit 26bf51c into inventree:0.7.x Jun 15, 2022
SchrodingersGat deleted the security-patches branch June 15, 2022 10:43
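
The commit message above describes intercepting row data before it reaches a custom formatter function and sanitizing nested data structures. The following is an added example of that pattern, not code from this pull request or from InvenTree: `escapeHtml`, `sanitizeData`, `wrapFormatter`, `renderName` and the sample row are hypothetical names and constructed data, and the row is assumed to be JSON-like (strings, numbers, arrays, plain objects).

```javascript
// Added example: all names here are hypothetical, not InvenTree's own functions.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
    return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Return a sanitized deep copy: strings are escaped, arrays and plain
// objects are walked recursively, and the input is never mutated.
function sanitizeData(data) {
    if (typeof data === 'string') return escapeHtml(data);
    if (Array.isArray(data)) return data.map(sanitizeData);
    if (data !== null && typeof data === 'object') {
        const clean = {};
        for (const [key, value] of Object.entries(data)) {
            clean[key] = sanitizeData(value);
        }
        return clean;
    }
    return data; // numbers, booleans, null, undefined pass through
}

// Wrap a column formatter (value, row, index, field) so that it only
// ever sees sanitized data, even when it builds HTML by concatenation.
function wrapFormatter(formatter) {
    return (value, row, index, field) =>
        formatter(sanitizeData(value), sanitizeData(row), index, field);
}

// Constructed sample row, as an API might return it with user-supplied text
const sampleRow = {
    pk: 7,
    name: '<img src=x onerror=alert(1)>',
    part_detail: { description: 'Resistor "10k" <b>5%</b>', tags: ['a&b'] },
};

// A formatter that interpolates top-level and nested fields into markup
function renderName(value, row) {
    return `<a href="/part/${row.pk}/">${value}</a> <em>${row.part_detail.description}</em>`;
}

const safeRenderName = wrapFormatter(renderName);
console.log(safeRenderName(sampleRow.name, sampleRow, 0, 'name'));
```

Because the wrapper escapes the data rather than the formatter's output, markup the formatter itself generates is preserved while user-supplied strings at any nesting depth are rendered as text.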