View Issue Details

ID: 0019007
Project: phpList 3 application
Category: Message Send Process
View Status: public
Last Update: 02-07-18 10:12
Reporter: duncanc
Priority: normal
Severity: minor
Reproducibility: sometimes
Status: resolved
Resolution: fixed
Product Version: 3.3.1
Target Version: 3.3.4
Fixed in Version: 3.3.3
Summary: 0019007: Several values are not htmlescaped when composing a campaign
Description:

A problem reported in the forums when composing a campaign and specifying the text part manually: https://discuss.phplist.org/t/url-for-paypal-donation-destroyed-in-text-message-window/3517/8

Part of a URL in the text message was being treated as an HTML entity because the text was not being HTML-escaped.

A quick look shows quite a few more message fields and translated texts that also are not escaped.

attachment description
several email addresses
several translations, i.e. s('...')
Tags: No tags attached.
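The failure described in this issue, as an added example that is not phpList code: a text message containing a URL is placed in a form field with and without HTML escaping, then read back the way a browser would. Assumptions: the sample URL and the field name `textmessage` are constructed, Python's `html.unescape()` stands in for the browser's HTML5 entity decoding, and `html.escape()` plays the role of the escaping step (`htmlspecialchars()` in PHP).

```python
import html
import re

# Constructed sample: a donation link typed into the plain-text message field.
# "&currency_code" begins with "&curren", a legacy HTML entity name (U+00A4)
# that HTML5 parsers decode in text content even without a trailing semicolon.
TEXT_MESSAGE = (
    "Donate: https://payments.example/donate?business=ABC123&currency_code=USD"
)


def render_textarea(value: str, escape: bool) -> str:
    """Build the compose form's text field (field name is hypothetical)."""
    body = html.escape(value, quote=True) if escape else value
    return '<textarea name="textmessage">' + body + "</textarea>"


def browser_value(markup: str) -> str:
    """Approximate what the browser displays and later submits.

    Character references inside a textarea are decoded by the HTML parser,
    so html.unescape() (HTML5 rules) is used here as a stand-in.
    """
    inner = re.search(r"<textarea[^>]*>(.*?)</textarea>", markup, re.S).group(1)
    return html.unescape(inner)


def round_trip(value: str, escape: bool) -> str:
    """Render the field, then read it back as the browser would."""
    return browser_value(render_textarea(value, escape))


if __name__ == "__main__":
    for escape in (False, True):
        result = round_trip(TEXT_MESSAGE, escape)
        status = "intact" if result == TEXT_MESSAGE else "CORRUPTED"
        print(f"escape={escape}: {status}: {result}")
```

Without escaping, the value that comes back on the next save is already corrupted, so the damaged URL is what gets stored and sent.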
