View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0019007||phpList 3 application||Message Send Process||public||29-12-17 06:17||02-07-18 10:12|
|Target Version||3.3.4||Fixed in Version||3.3.3|
|Summary||0019007: Several values are not htmlescaped when composing a campaign|
|Description||A problem reported in the forums when composing a campaign and specifying the text part manually https://discuss.phplist.org/t/url-for-paypal-donation-destroyed-in-text-message-window/3517/8|
part of a url in the text message was being treated as an html entity because the text was not being html escaped.
A quick look shows quite a few more message fields and translated texts that also are not escaped.
several email addresses
several translations, i.e. s('...')
|Tags||No tags attached.|