tonyair/silverstripe-framework

mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00

Will Rossiter 6c5ddaf054 Restructure of the docs markdown source files into more logical taxonomy

2014-12-17 15:48:35 +13:00

845 B

Raw Blame History

2.3.13 (2012-02-01)

Overview

Security: Cross-site scripting on text transformations in templates
Security: Cross-site scripting (XSS) related to page titles in the CMS

Upgrading Notes

See 2.4.7.

Changelog

Bugfixes

2012-01-31 15e9e05 Casting return values on text helper methods in StringField, Text, Varchar (Ingo Schommer)
2009-05-26 acf9e01 Don't break CMS tree if HTML gets into MenuTitle (Sam Minnee)

Other

2012-01-31 475e077 SECURITY Sanitize messages passed to generated JS calls in FormResponse::status_message(), e.g. to avoid XSS on 'Successfully published <page title>' messages (Ingo Schommer)