#4505 closed defect (bug) (fixed)
default theme's REQUEST_URI should be attribute_escape (d)
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | 2.0.11 | Priority: | normal |
Severity: | normal | Version: | 2.0.10 |
Component: | Template | Keywords: | |
Focuses: | Cc: |
Description
Unescaped, same as what was just fixed in 2.2.x but not yet in RC3.
<form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
I thought you were continuing to support this branch.
Change History (8)
Note: See
TracTickets for help on using
tickets.
The change is in trac: [5680], but doesn't seem to have made it into the ZIP file on the release archive page. Don't know why, but I think that RC3 just needs to be rebuilt from SVN or something. Or go to RC4.