ChiliProject is not maintained anymore. Please be advised that there will be no more updates.

We do not recommend that you set up new ChiliProject instances, and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.


Revision cb2086f6

ID: cb2086f652eb9e3d5850612d62e60874212574ee
Added by Holger Just at 2011-10-31 05:22 pm

[#647] Fix XSS in textile image syntax.

Image URLs are not properly escaped in the bundled RedCloth3 library.
It thus allowed an XSS vector.

The patch was adapted from r7570 from Redmine by Etiene Massip. See also
http://www.redmine.org/issues/9245.
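
The class of bug the commit message describes, as an added example that is not code from ChiliProject, Redmine or RedCloth3: a Textile-style image rule that interpolates the captured URL into the `src` attribute as-is, next to the same rule with the captured values HTML-escaped. The pattern `IMAGE_RE`, the function names and the sample input are assumptions made for illustration.

```ruby
require 'erb'

# Simplified stand-in for a Textile image rule: !url! or !url(alt text)!
# (hypothetical pattern, not the regex RedCloth3 actually uses).
IMAGE_RE = /!([^\s(!]+)(?:\(([^)]*)\))?!/

# Constructed input: a double quote inside the "URL" closes the src attribute.
# The marker attribute is harmless and only makes the breakout visible.
SAMPLE = '!x.png"data-injected="1!'

# Before: captured values go into the tag unescaped.
def render_images_unescaped(text)
  text.gsub(IMAGE_RE) do
    url, alt = $1, $2.to_s
    %(<img src="#{url}" alt="#{alt}" />)
  end
end

# After: every captured value is HTML-escaped before it reaches an attribute,
# so quotes in the URL stay inside the src value as &quot;.
def render_images_escaped(text)
  text.gsub(IMAGE_RE) do
    url, alt = $1, $2.to_s
    %(<img src="#{ERB::Util.html_escape(url)}" alt="#{ERB::Util.html_escape(alt)}" />)
  end
end

# Regression check helper: names of the quoted attributes on the first <img>.
# Anything other than src and alt means user input escaped its attribute.
def img_attribute_names(html)
  tag = html[/<img\b[^>]*>/] or return []
  tag.scan(/([a-zA-Z-]+)="[^"]*"/).flatten
end

if __FILE__ == $PROGRAM_NAME
  puts render_images_unescaped(SAMPLE)
  puts img_attribute_names(render_images_unescaped(SAMPLE)).inspect
  puts render_images_escaped(SAMPLE)
  puts img_attribute_names(render_images_escaped(SAMPLE)).inspect
end
```

The attribute-name check is the kind of assertion worth keeping as a regression test for any markup-to-HTML renderer that builds tags by string interpolation.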