2.16.0 code fixes #8401
@@ -153,7 +153,7 @@ | |||
'mautic_contact_index', | |||
[ | |||
'search' => $view['translator']->trans('mautic.lead.lead.searchcommand.company').':"' | |||
.$fields['core']['companyname']['value'].'"', | |||
.$view->escape($fields['core']['companyname']['value']).'"', |
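Review bot: The escaped company name on the `.$view->escape(...)` line is being concatenated into the 'search' parameter for 'mautic_contact_index', not written straight into markup, so HTML-escaping at this point alters the search term itself. Assuming `$view->escape()` performs HTML escaping, a company name containing `&` or a quote would be searched for as `&amp;` or `&quot;` and would no longer match. Consider passing the raw value into the parameter array and escaping where the resulting link is emitted into HTML, and separately check how a `"` inside the company name behaves given that the value is wrapped in `:"..."`.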
Are you sure this doesn't conflict with #7760? That PR is doing the exact opposite 😅
I should have been more thorough in investigating the origins of the change to this line. Don and I expected it was a bad merge conflict resolution. Will fix.
Looks good to me, thanks 👍
Where was it already escaped?
Please be sure you are submitting this against the staging branch.
Description:
This came from code review of #8380. I cherry-picked the changes so they can be applied back to 2.16.0 before the stable release. One of the changes increases security.
Steps to test this PR: