projects / civicrm-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 64c6f69) | patch
security/core#16 - Smarty - Fix XSS in crmMoney plugin
authorPatrick Figel <pfigel@greenpeace.org>
Sun, 6 Jan 2019 17:30:30 +0000 (18:30 +0100)
committerTim Otten <totten@civicrm.org>
Thu, 21 Feb 2019 03:41:33 +0000 (19:41 -0800)
commit6188a793560673dd0fbd72a683d16d51e0b83a44
tree794b647e0c0e73c29db4c45038c9d631d18da937tree | snapshot (zip tar.gz)
parent64c6f696e995078ec5c7dc1b531ddebae6bb3d76commit | diff
security/core#16 - Smarty - Fix XSS in crmMoney plugin

This fixes an XSS in the crmMoney smarty plugin by checking the
currency against the currency list and adds some basic tests.

Fixes security/core#16
CRM/Utils/Money.php diff | blob | blame | history
tests/phpunit/CRM/Core/Smarty/plugins/CrmMoneyTest.php [new file with mode: 0644] blob
tests/phpunit/CRM/Utils/MoneyTest.php diff | blob | blame | history