CVE-2023-2322: Security fix in Properties Parameter (#14825) · pimcore/pimcore@9fc6748

Skip to content

Sign up

• • Actions

    Automate any workflow

  • Packages

    Host and manage packages

  • Security

    Find and fix vulnerabilities

  • Codespaces

    Instant dev environments

  • Copilot

    Write better code with AI

  • Code review

    Manage code changes

  • Issues

    Plan and track work

  • Discussions

    Collaborate outside of code

Explore

*   All features
*   Documentation
*   GitHub Skills
*   Blog

• For

  • Enterprise
  • Teams
  • Startups
  • Education

  By Solution

  • CI/CD & Automation
  • DevOps
  • DevSecOps

  Case Studies

  • Customer Stories
  • Resources

• • GitHub Sponsors

    Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

Repositories

*   Topics
*   Trending
*   Collections

• Pricing

• In this repository All GitHub

• No suggested jump to results

• In this repository All GitHub

• In this organization All GitHub

• In this repository All GitHub

Sign in

Sign up

pimcore / pimcore Public

• Notifications
• Fork 1.3k
• Star 2.8k

• Code
• Issues 604
• Pull requests 55
• Discussions
• Actions
• Security
• Insights

More

Permalink

Browse files

Browse the repository at this point in the history

Security fix in Properties Parameter (#14825)

• Loading branch information

aryaantony92 committed

Apr 18, 2023

1 parent fb3056a commit 9fc6748

Showing 1 changed file with 1 addition and 1 deletion.

2 changes: 1 addition & 1 deletion bundles/AdminBundle/Resources/public/js/pimcore/document/editables/link.js

Show comments View file

Expand Up

@@ -98,7 +98,7 @@ pimcore.document.editables.link = Class.create(pimcore.document.editable, {

text = this.data.path;

}

if (this.data.path || this.data.anchor || this.data.parameters) {

let fullpath = this.data.path + (this.data.parameters ? ‘?’ + this.data.parameters : ‘’) + (this.data.anchor ? ‘#’ + this.data.anchor : ‘’);

let fullpath = this.data.path + (this.data.parameters ? ‘?’ + Ext.util.Format.htmlEncode(this.data.parameters) : ‘’) + (this.data.anchor ? ‘#’ + Ext.util.Format.htmlEncode(this.data.anchor) : ‘’);

let displayHtml = Ext.util.Format.htmlEncode(text);

if (this.config.textPrefix !== undefined) {

Expand Down

0 comments on commit 9fc6748

Please sign in to comment.