2.16.0 code fixes #8401

Merged
merged 4 commits into from Feb 6, 2020

@escopecz escopecz commented Feb 5, 2020

Please be sure you are submitting this against the staging branch.

| Q | A |
| --- | --- |
| Bug fix? | Y |
| New feature? | N |
| Automated tests included? | / |
| Related user documentation PR URL | / |
| Related developer documentation PR URL | / |
| Issues addressed (#s or URLs) | #8380 |
| BC breaks? | N |
| Deprecations? | N |

Description:

This came from code review of #8380. I cherry-picked the changes so they can be applied back to 2.16.0 before the stable release. One of the changes increases security.

Steps to test this PR:

  1. Load up this PR
  2. Check that avatars work on contact details page.
  3. Check that company list page loads as before.

@escopecz escopecz added this to the 2.16.0 milestone Feb 5, 2020
@escopecz escopecz added labels code-review-needed (PR's that require a code review before merging), ready-to-test (PR's that are ready to test), regression (A bug that broke something in the last release) Feb 5, 2020
@@ -153,7 +153,7 @@
'mautic_contact_index',
[
'search' => $view['translator']->trans('mautic.lead.lead.searchcommand.company').':"'
.$fields['core']['companyname']['value'].'"',
.$view->escape($fields['core']['companyname']['value']).'"',
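Review bot: On the line that wraps `$fields['core']['companyname']['value']` in `$view->escape(...)`, the value is HTML-escaped while the `search` route parameter is still being assembled, not at the point where the generated URL is written into the page. If the URL is escaped again on output, a company name containing `&`, `<` or `"` would be double-encoded and the contact search would no longer match the stored name. The hunk does not show the output site, so please state in the description which layer is responsible for escaping here, and add a test with a company name that contains `&` and `"`; the description does not list an automated test. Note also that the value sits between literal double quotes in the search command, so a `"` inside the company name needs handling for the search syntax as well as for HTML.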
Member

Are you sure this doesn't conflict with #7760? That PR is doing the exact opposite 😅

Sponsor Member Author

I should have been more thorough in investigating the origins of the change to this line. Don and I expected it was a bad merge conflict resolution. Will fix.

Member

@dennisameling dennisameling left a comment

Looks good to me, thanks 👍

@dennisameling dennisameling merged commit 3b18048 into mautic:staging Feb 6, 2020
Member

@dongilbert dongilbert left a comment

Where was it already escaped?

@escopecz escopecz deleted the 2.16.0-code-fixes branch February 6, 2020 14:34