Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.User supplied arguments for regex must be passed through preg_quote(). Patch attached.
This issue does not need to pass through the regular security process because there isn't a full release yet. Simply commit this patch and mark the next release as a security update.
| Comment | File | Size | Author |
|---|---|---|---|
| smart_paging_security.diff | 1.96 KB | dalin |
Comments
Comment #1
arpeggio commentedThank you for reporting the bug and the patch. I have already committed and pushed the patch.