Format the advanced search title so that it will not allow javascript #3919

Merged
merged 1 commit into from Sep 14, 2017

@aydreeihn
Contributor

aydreeihn commented Aug 10, 2017

This addresses issue #3766 where javascript can be injected into the title of an advanced search.

protich merged commit ebe1953 into osTicket:develop Sep 14, 2017

NFarrington added a commit to VATSIM-UK/Helpdesk that referenced this pull request Oct 7, 2017

Merge tag 'v1.10.1' into development
osTicket v1.10.1

Maintenance release for osTicket 1.10

=== Enhancements
- Users: Support search by phone number
- i18n: Fix getPrimaryLanguage() on non-object (#3799)
- Add TimezoneField (#3786)
- Chunk long text body (#3757, 7b68c99)
- Spyc: convert hex strings to INTs under PHP 7 (#3621)
- forms: Proper Field Deletion
- Move orphaned tasks on department deletion to the default department (42e2c55)
- List: Save List Item Abbreviation (8513f13)

=== Performance and Security
- XSS: Encode html entities of advanced search title (#3919)
- XSS: Encode html entities of cached form data (#3960, bcd58e8)
- ORM: Addresses an SQL injection vulnerability in ORM lookup function (#3959, 1eaa691)