Details
-
Bug
-
Resolution: Done
-
Medium
-
None
-
None
-
None
Description
As described in:
https://github.com/ezsystems/ezplatform-admin-ui/pull/1211
There is a Symfony bugfix, which should be adapt for our ChoiceLoaders implementations in all bundles. In effect the user form input will be narrowed to available choices and will be safe of unexpected values.
Example outdated class to adapt:
\EzSystems\EzPlatformAdminUi\Form\Type\ChoiceList\Loader\ContentCreateContentTypeChoiceLoader
Attachments
Issue Links
- discovered while testing
-
EZP-31297 Persistent XSS in user preferences
- Closed