Security issue - draggableviews_repaired_msg not properly sanitized [#649292]

Per http://drupal.org/node/475848, the security team has cleared this issue to be fixed publicly.

The draggableviews_repaired_msg is not sanitized before being passed to drupal_set_message, allowing an XSS attack. See line 331 of draggableviews.module

Comments

Comment #1

sevi commented 2 December 2009 at 22:12

Status:

Active

» Needs review

Committed to Drupal-6--3 branch: http://drupal.org/cvs?commit=297026
Does this fixes this issue?

I'll add a new release soon.

Greetings,
sevi

Comment #2

sevi commented 6 January 2010 at 14:56

Status:

Needs review

» Fixed

Comment #3

20 January 2010 at 15:00

Status:

Fixed

» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Security issue - draggableviews_repaired_msg not properly sanitized

Comments

Comment #1

Comment #2

Comment #3

News items

Our community

Documentation

Drupal code base

Governance of community