[Security] Fixed XSS in class editor using date fields #14930

Merged
merged 3 commits into from
Apr 17, 2023

Collaborator

@Corepex Corepex commented Apr 17, 2023

WHAT

🤖 Generated by Copilot at 5e83942

Fix date and datetime field validation and default value handling in object classes. Clear the field value if it is not a valid date object and prevent saving invalid dates. The changes affect the files date.js and datetime.js in the AdminBundle bundle.

🤖 Generated by Copilot at 5e83942

date field listens
clears invalid input now
autumn bug is fixed

HOW

🤖 Generated by Copilot at 5e83942

  • Fix date field validation and default value handling for object classes
    • Clear date field value if it is not a valid date object
    • Check date field validity before formatting and setting default value

@Corepex Corepex added this to the 10.5.21 milestone Apr 17, 2023

github-actions bot commented Apr 17, 2023

Review Checklist

  • Target branch (10.5 for bug fixes, others 11.x)
  • Bug fix: check if files are affected that were moved to a bundle - create a PR there if applicable
  • Tests (if it's testable code, there should be a test for it - get help)
  • Docs (every functionality needs to be documented, see here)
  • Migration incl. install.sql (e.g. if the database schema changes, ...)
  • Upgrade notes (deprecations, important information, migration hints, ...)
  • Label
  • Milestone

@robertSt7 robertSt7 self-assigned this Apr 17, 2023
@robertSt7 robertSt7 merged commit fb3056a into 10.5 Apr 17, 2023
@robertSt7 robertSt7 deleted the security_fix_in_class_editor branch April 17, 2023 14:35
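
The two checks named in the pull request description (clear a date field value that is not a valid date object, and refuse to save an invalid date) can be illustrated in plain JavaScript. This is an added example, not code from this pull request or from Pimcore; the function names, the field config shape and the sample values are assumptions made for illustration.

```javascript
// Added example: all names below are hypothetical and are not taken from Pimcore.

// Accept only genuine Date objects with a finite timestamp.
// `new Date("junk")` is still a Date object but holds NaN, so check both.
function isValidDate(value) {
    return Object.prototype.toString.call(value) === "[object Date]" &&
        Number.isFinite(value.getTime());
}

// Load step: clear anything that is not a valid Date, and derive the text
// shown in the editor only from a validated Date, never from the raw input.
function loadDateField(config) {
    const valid = isValidDate(config.defaultValue);
    return {
        name: config.name,
        defaultValue: valid ? config.defaultValue : null,
        displayValue: valid ? config.defaultValue.toISOString().slice(0, 10) : ""
    };
}

// Save step: an empty default is allowed, an invalid one blocks the save.
function validateBeforeSave(config) {
    if (config.defaultValue === null || config.defaultValue === undefined) {
        return { ok: true, error: null };
    }
    if (!isValidDate(config.defaultValue)) {
        return { ok: false, error: "default value is not a valid date" };
    }
    return { ok: true, error: null };
}

// Constructed sample inputs: one valid date, one markup string, one NaN date.
const samples = [
    { name: "published", defaultValue: new Date(Date.UTC(2023, 3, 17)) },
    { name: "markup", defaultValue: "<b>not a date</b>" },
    { name: "nan", defaultValue: new Date("not a date") }
];

for (const s of samples) {
    console.log(s.name, loadDateField(s), validateBeforeSave(s));
}
```

Because the displayed text is produced only from a validated Date, a string stored in the default value never reaches the editor markup.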
2 participants