Download & Extend
Issues

Trigger & Action escaping issues

Posted by Heine on August 18, 2010 at 7:18pm
Project:Drupal core
Version:7.x-dev
Component:trigger.module
Category:bug report
Priority:critical
Assigned:Unassigned
Status:closed (fixed)
Issue tags:Security Advisory follow-up

Issue Summary

Action labels are not always properly escaped. Sometimes twice, sometimes not at all.

AttachmentSizeStatusTest resultOperations
actions-double-escaping-d7.patch3.44 KBIdlePASSED: [[SimpleTest]]: [MySQL] 22,942 pass(es).View details
Login or register to post comments

Comments

#1

Posted by Gábor Hojtsy on August 18, 2010 at 7:40pm

BTW this is a followup to SA-CORE-2010-002.

#2

Posted by drunken monkey on August 22, 2010 at 10:40am
Status:needs review» reviewed & tested by the community

Looks good to me.

#3

Posted by Dries on August 22, 2010 at 11:04am
Status:reviewed & tested by the community» fixed

Yay! Committed to CVS HEAD.

#4

Posted by System Message on September 5, 2010 at 11:10am
Status:fixed» closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.