I attach a patch.
Original patch by Francisco José Cruz Romanos, and Peter Wolanin of the Drupal Security Team.
Comment | File | Size | Author |
---|---|---|---|
#12 | 1892530-12.patch | 905 bytes | amateescu |
Comments
Comment #1
grisendo

Comment #2
grisendo

Comment #3
larowlan

Comment #4
larowlan
Reroll after SA-CORE-2013-03

Comment #5
larowlan

Comment #6
larowlan

Comment #7
scor

Comment #8
tim.plunkett

Comment #10
swentel
6: image-xss-1892530.4.patch queued for re-testing.

Comment #12
amateescu
The original patch was correct, we only filter on output, not on regular API calls.

Comment #13
klausi
Security issues are critical.

Comment #17
amateescu
12: 1892530-12.patch queued for re-testing.

Comment #18
tim.plunkett
Looks good to me.

Comment #19
webchick
Committed and pushed to 8.x. Thanks!