xss: Saved Search Name
This mitigates an issue discovered by Matthew Aberegg where the Name field for Saved Searches can be exploited via XSS to execute code. This sanitizes the `$_POST['queue-name']` variable via `Format::htmlchars()` so we are safe from any XSS attempts on creations and updates. All other Saved Search content is parsed/sanitized correctly.
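The sanitize-on-write approach the commit message describes, as an added example that is not code from this commit or from the project. `html_encode()` is a hypothetical stand-in for `Format::htmlchars()`; the function names, the row markup and the sample request are constructed for illustration.

```php
<?php
// Added illustration, not the project's code. html_encode() is a
// hypothetical stand-in for the Format::htmlchars() helper named above.
function html_encode(string $value): string
{
    // ENT_QUOTES encodes both quote styles, so the result is also safe
    // inside a quoted HTML attribute.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before the fix: the submitted name is stored exactly as received.
function save_name_unsafe(array $post): string
{
    return trim($post['queue-name'] ?? '');
}

// After the fix: the name is encoded on every create and update.
function save_name_sanitized(array $post): string
{
    return html_encode(trim($post['queue-name'] ?? ''));
}

// Assumed rendering path that echoes the stored name without encoding it.
function render_row(string $storedName): string
{
    return '<li class="saved-search">' . $storedName . '</li>';
}

// Audit helper (assumption: only the write path was changed, so names
// saved earlier may still hold raw markup and should be re-saved).
function needs_review(string $storedName): bool
{
    return preg_match('/[<>"\']/', $storedName) === 1;
}

// Constructed sample request body.
$post = ['queue-name' => '<script>alert(1)</script> Overdue tickets'];

$raw  = save_name_unsafe($post);
$safe = save_name_sanitized($post);

echo render_row($raw), PHP_EOL;   // markup reaches the browser as markup
echo render_row($safe), PHP_EOL;  // markup reaches the browser as text

var_dump(needs_review($raw), needs_review($safe));

// Caveat of encoding at input: a template that encodes again at output
// shows entity text ("&amp;lt;script&amp;gt;...") to the user.
echo html_encode($safe), PHP_EOL;
```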