mahara-contributors team mailing list archive

Thread
Date

[Bug 669307] Re: User content not escaped in groupviews blocktype

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: François Marier <francois@xxxxxxxxxx>
Date: Mon, 08 Nov 2010 01:04:42 -0000
Reply-to: Bug 669307 <669307@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Visibility changed to: Public

-- 
User content not escaped in groupviews blocktype
https://bugs.launchpad.net/bugs/669307
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.

Status in Mahara ePortfolio: Fix Released

Bug description:
A small number of templates still have auto_escape disabled.  These didn't get updated before 1.3 because they were being worked on in parallel with the review of all templates.  One of these templates displays unescaped html: blocktype/groupviews/theme/raw/groupviews.tpl; the others are okay.

Affects master and 1.3 stable only. This template doesn't exist in 1.2.x and the template it got copied from was fixed independently.