Fix XSS vulnerability on user's name
Names parsed from incoming emails are stored in the database as is. This pull request addresses a potential XSS vulnerability due to improper display of unsanitized names. Going forward, names will be scrubbed on create.
- include/class.format.php (2 additions, 2 deletions)
- include/class.user.php (4 additions, 4 deletions)
- include/staff/templates/users.tmpl.php (4 additions, 2 deletions)
- include/staff/ticket-view.inc.php (3 additions, 1 deletion)
- include/staff/tickets.inc.php (2 additions, 1 deletion)
- include/staff/users.inc.php (2 additions, 1 deletion)
- scp/tickets.php (1 addition, 1 deletion)