Commit
Fix #12474: bug_report XSS issue when report_stay=1
The "report stay" feature of the bug report page allows the user to remain on the bug report page after submitting a report. After submission a new bug_report page is opened and is prefilled with data from the bug report just completed. The problem is that the hidden input fields are not properly escaped. This is not really a security issue as you need a valid one-time CSRF token to access bug_report.php anyhow. It's more a case of users experiencing broken page output when they submit bug reports containing HTML characters (using the report stay feature).
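
The escaping problem the commit message describes, shown as an added PHP illustration that is not MantisBT's code or this commit's diff. The function names, field names and sample report are constructed for the example, and it assumes the PHP DOM extension is available to show what an HTML parser recovers from each form.

```php
<?php
// Added illustration; all names here are hypothetical, not MantisBT's.

// Before: values are interpolated straight into the value attribute.
function hidden_fields_unescaped(array $fields): string {
    $html = '';
    foreach ($fields as $name => $value) {
        $html .= '<input type="hidden" name="' . $name . '" value="' . $value . '" />' . "\n";
    }
    return $html;
}

// After: names and values are encoded for an HTML attribute context.
function hidden_fields_escaped(array $fields): string {
    $html = '';
    foreach ($fields as $name => $value) {
        $html .= sprintf(
            '<input type="hidden" name="%s" value="%s" />' . "\n",
            htmlspecialchars((string) $name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
            htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        );
    }
    return $html;
}

// Value an HTML parser assigns to the first hidden input, i.e. what the
// browser would post back when the prefilled form is submitted again.
function first_input_value(string $html): string {
    libxml_use_internal_errors(true); // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML('<form>' . $html . '</form>');
    libxml_clear_errors();
    return $doc->getElementsByTagName('input')->item(0)->getAttribute('value');
}

// Constructed sample: a previous report whose summary contains HTML characters.
$previous_report = [
    'summary'     => 'Export fails for "quoted" names & <b>tags</b>',
    'category_id' => '3',
];

$before = first_input_value(hidden_fields_unescaped($previous_report));
$after  = first_input_value(hidden_fields_escaped($previous_report));

// Unescaped: the first double quote ends the attribute, so the value is cut
// short and the remainder spills into the page as markup.
var_dump($before === $previous_report['summary']);
// Escaped: the parser decodes the entities and the original text survives.
var_dump($after === $previous_report['summary']);
```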