projects / civicrm-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 394643b) | patch
security/core#16 - Smarty - Fix XSS in crmMoney plugin
authorPatrick Figel <pfigel@greenpeace.org>
Sun, 6 Jan 2019 17:30:30 +0000 (18:30 +0100)
committerSeamus Lee <seamuslee001@gmail.com>
Fri, 22 Feb 2019 00:08:42 +0000 (11:08 +1100)
commit5fb64d515190821c017c6ea8d3ffcf148bcb9f6f
tree78743e8f650eccb6cfd2f9bb3a449f725c6def54tree | snapshot (zip tar.gz)
parent394643b981ac1ecd3f7120126ea3c47c0f9e88afcommit | diff
security/core#16 - Smarty - Fix XSS in crmMoney plugin

This fixes an XSS in the crmMoney smarty plugin by checking the
currency against the currency list and adds some basic tests.

Fixes security/core#16
CRM/Utils/Money.php diff | blob | blame | history
tests/phpunit/CRM/Core/Smarty/plugins/CrmMoneyTest.php [new file with mode: 0644] blob
tests/phpunit/CRM/Utils/MoneyTest.php diff | blob | blame | history