David Jardin

Results 64 comments of David Jardin

> As an img src the sanitisation is done BY the browser, even unsanitised svgs are fine

The thing is: can we safely assume that an uploaded SVG is always...

> Honestly given how long ago that was I don't remember whether the clone operation was super relevant for that fix or not

It's not, so the patch is fine...

@brianteeman we are planning a dedicated “router test suite” sprint for that reason :) so your feedback has been heard and appreciated!

@MarkRS-UK first of all: thank you for your PR, glad to have you on board :) From a security perspective I have one remark: you have modified the viewing permissions,...

> As far as I understand it, only displayed configuration data is available for saving

Nope :) You can manipulate the saving request and add additional configuration flags that aren't...

> How does the current code prevent that?

It doesn't because it's not necessary: If you can access the preferences you can access all of them - but your PR...

I have tested this item :white_check_mark: successfully on 8accc62b5515e7a52c38e53090d42e2f8a52a38c

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/43164.

> > Execute the DB changes by navigating to System > Maintenance > Database and hit "Update Structure" > > @SniperSister This will only execute the DDL (data definition language)...

> anyway not a pr for a minor release if we still follow SEMver

Why? It adds a new feature, the existing behavior remains unchanged.

@brianteeman thanks for testing! I've updated the test instructions to make the expected results more clear and also fixed the "invalid metadata" query in the description.