Mahara

Leaving institution and set password email not escaped for HTML

Bug #802347 reported by Hugh Davenport on 2011-06-27

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Fix Released	Low	Hugh Davenport	Mahara 1.5.0

Bug Description

The email sent when a user leaves an institution and needs to set a password is not escaped.

Revision history for this message

Hugh Davenport (hugh-davenport) wrote on 2011-06-27:

https://reviews.mahara.org/395

Revision history for this message

François Marier (fmarier) wrote on 2011-06-27:

I don't think that this is a security problem, however, if it were, it shouldn't be submitted to gerrit because that makes the vulnerability public :)

security vulnerability:	yes → no
visibility:	private → public
Changed in mahara:
status:	In Progress → Fix Committed
milestone:	none → 1.5.0

Melissa Draper (melissa) on 2012-04-18

Changed in mahara:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.