mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-09-18 15:36:30 +02:00
f3ef04a432
Related to SS-2013-009. While the default "TreeTitle" was escaped within the SiteTree->TreeTitle() getter, other properties like SiteTree->Title weren't escaped. The new logic uses the underlying casting helpers on the processed objects.
316 B
316 B
3.1.0-rc3
Overview
Security: XSS in CMS "Security" section (SS-2013-007)
See announcement
Security: XSS in CMS "Pages" section (SS-2013-009)
See announcement