[PHPBB3-15600] Ban reasons are not escaped in mcp_ban.html template - phpBB Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 3.3, 3.2.2
Fix Version/s: 4.0.0-a1, 3.2.4-RC1
Component/s: None
Labels:
- template
Environment:
PHP 7.2.3, PostgreSQL 9.6, Chrome 65.0.3325.181

GitHub Pull Request URL:
https://github.com/phpbb/phpbb/pull/5170

Description

Technically it is possible to store multiline ban reasons in database, however this breaks unescaped JavaScript code stored in template.

I suggest to use TWIG e('js') function to fix this issue.

Attachments

Activity

People

Assignee:: Marc

Reporter:: Tarzanych [X] (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 23/Mar/18 5:16 PM

Updated:: 24/Jan/19 9:37 PM

Resolved:: 09/Oct/18 8:28 PM