xss: Cached forms data #3960

merged 1 commit into from Sep 14, 2017



protich commented Sep 14, 2017

Encode html entities of cached form data

Form data XSS
Encode html entities of cached form data

@protich protich merged commit 1f8df24 into osTicket:develop Sep 14, 2017

NFarrington added a commit to VATSIM-UK/Helpdesk that referenced this pull request Oct 7, 2017

Merge tag 'v1.10.1' into development
osTicket v1.10.1

Maintenance release for osTicket 1.10

=== Enhancements
- Users: Support search by phone number
- i18n: Fix getPrimaryLanguage() on non-object (#3799)
- Add TimezoneField (#3786)
- Chunk long text body (#3757, 7b68c99)
- Spyc: convert hex strings to INTs under PHP 7 (#3621)
- forms: Proper Field Deletion
- Move orphaned tasks on department deletion to the default department (42e2c55)
- List: Save List Item Abbreviation (8513f13)

=== Performance and Security
- XSS: Encode html entities of advanced search title (#3919)
- XSS: Encode html entities of cached form data (#3960, bcd58e8)
- ORM: Addresses an SQL injection vulnerability in ORM lookup function (#3959, 1eaa691)