vcs.fsf.org Git - civicrm-core.git/commit

author	Sean Madsen <sean@seanmadsen.com>
	Sun, 22 Apr 2018 13:53:29 +0000 (09:53 -0400)
committer	Tim Otten <totten@civicrm.org>
	Wed, 18 Jul 2018 21:55:05 +0000 (14:55 -0700)
commit	845098507e0d38639b4f4d354b63b85763b3893d
tree	326c51e217fe8328df7c19bcd0e1ac403060d4cb	tree \| snapshot (zip tar.gz)
parent	1904616667eafbf9504b5f3d4eced9c7ceb38a27	commit \| diff

security/core#3 Improve output escaping for errors

- In the template, use either `escape` or `purify` for all outputs.
- Remove `htmlspecialchars()` call in PHP since it's now happening in
Smarty via `escape`.

CRM/Core/Error.php		diff \| blob \| blame \| history
templates/CRM/common/fatal.tpl		diff \| blob \| blame \| history

RSS Atom