Commit 776ae347 authored by Uma

Merge branch 'security_fix' into '7.4.0'

HTML injection fix for compose email popup



See merge request !801
parents 7923ea63 0f5e5bc5
...@@ -47,7 +47,7 @@ ...@@ -47,7 +47,7 @@
</div> </div>
<div class="col-lg-6"> <div class="col-lg-6">
{if !empty($TO)} {if !empty($TO)}
{assign var=TO_EMAILS value=","|implode:$TO} {assign var=TO_EMAILS value=","|implode:$TO|htmlentities}
{/if} {/if}
<input id="emailField" style="width:100%" name="toEmail" type="text" class="autoComplete sourceField select2" data-rule-required="true" data-rule-multiEmails="true" value="{$TO_EMAILS}" placeholder="{vtranslate('LBL_TYPE_AND_SEARCH',$MODULE)}"> <input id="emailField" style="width:100%" name="toEmail" type="text" class="autoComplete sourceField select2" data-rule-required="true" data-rule-multiEmails="true" value="{$TO_EMAILS}" placeholder="{vtranslate('LBL_TYPE_AND_SEARCH',$MODULE)}">
</div> </div>
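Review bot: The escape on the `{assign var=TO_EMAILS ...}` line is applied where the value is built, not where it is emitted, so `value="{$TO_EMAILS}"` remains an unescaped sink. It is only covered when the `{if !empty($TO)}` branch runs; any other path that sets TO_EMAILS still reaches the attribute raw. Consider escaping at the output instead, for example `value="{$TO_EMAILS|escape:'html'}"`, and keeping the assigned variable unencoded so it is not double-encoded if it is reused elsewhere in the template. Also note that `htmlentities` is called here with default arguments, so its quote handling and charset depend on the PHP version and configuration; Smarty's `escape:'html'` modifier (htmlspecialchars with ENT_QUOTES) behaves more predictably inside an attribute value.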
......