View Issue Details

IDProjectCategoryView StatusLast Update
0025972mantisbtcustom fieldspublic2020-09-11 12:11
Reportercproensa Assigned Tocproensa  
PrioritynormalSeverityfeatureReproducibilityhave not tried
Status closedResolutionfixed 
Product Version2.22.0 
Target Version2.23.0Fixed in Version2.23.0 
Summary0025972: Use custom field regular expression in the html input
Description

When a custom field has an associated regular expression, this regexp should be included in the html input pattern attribute.

TagsNo tags attached.

Relationships

related to 0027275 closeddregad CVE-2020-25288: HTML Injection on bug_update_page.php 

Activities

Related Changesets

MantisBT: master 7786bfd5

2019-08-06 19:13:28

cproensa


Committer: vboctor Details Diff
Use html regex validation for string custom fields

Use the custom field configured regex in the html input "pattern"
attribute.
This is only supported (natively in html5) for text inputs, not
textareas.

Fixes: 0025972
Affected Issues
0025972
mod - core/cfdefs/cfdef_standard.php Diff File