Closed (fixed)
Project: Advanced Poll
Version: 7.x-3.x-dev
Component: Code
Priority: Critical
Category: Bug report
Assigned: Unassigned
Reporter:
Created: 27 Oct 2013 at 09:09 UTC
Updated: 28 Nov 2017 at 04:49 UTC
Comments
Comment #1
lirantal commented: The patch fixes the issue by filtering out vulnerable XSS before outputting the result.
Comment #2
damienmckenna: This should have been submitted as a security report!
greggles reminded me that only modules with stable releases (which this doesn't have) are covered by the security procedures, all others should be handled via issues in the respective issue queues. I apologize for jumping the gun.
Comment #3
greggles: re #2 - that's only partially accurate. The Security Team does appreciate getting issues reported in private first, but in cases where the policy says it can be fixed in public it's an acceptable (but not preferred) practice to just report the issue in public. By reporting it to the private security.drupal.org tracker it is possible for the maintainer to get some level of advanced warning so they can prepare a fix quickly before the issue is public to the whole world.
Comment #4
rooby commented: Relevant issue: #939032: Roll out a release of Advanced Poll for D6 and avoid confusion about different D6 branches (6.x-1.x, 6.x-2.x and 6.x-3.x)
However, by looking at that issue it would seem unlikely to be resolved any time soon.
Comment #5
gobinathm
Comment #6
gobinathm
Comment #7
abramm: Following is the patch for 7.x-3.x-dev.
Comment #8
bohart: Rerolling the patch to work with the current state of the 7.x-3.x branch.
It works for me.
Comment #10
mikhailkrainiuk commented: Thank you!