2.3.13 (2012-02-01)

Overview

  • Security: Cross-site scripting on text transformations in templates
  • Security: Cross-site scripting (XSS) related to page titles in the CMS

Upgrading Notes

See 2.4.7.

Changelog

Bugfixes

  • 2012-01-31 15e9e05 Casting return values on text helper methods in StringField, Text, Varchar (Ingo Schommer)
  • 2009-05-26 acf9e01 Don't break CMS tree if HTML gets into MenuTitle (Sam Minnee)

Other

  • 2012-01-31 475e077 SECURITY Sanitize messages passed to generated JS calls in FormResponse::status_message(), e.g. to avoid XSS on 'Successfully published <page title>' messages (Ingo Schommer)
