@sgiehl opened this Pull Request on July 7th 2022 Member

Description:

fixes #19485

Review

@sgiehl commented on July 11th 2022 Member

@bx80 That double encoding is actually a side effect of having the goal data automatically sanitized before being stored in the database (see e.g. https://github.com/matomo-org/matomo/issues/4231). I've now adjusted the Goals API so it unsanitizes the data before it's returned. I've tried to check & adjust all usages of the goals to ensure this won't open up any security issues. (There were at least some tooltips where it was possible to inject HTML code using HTML in the goal name.)
So when reviewing the new changes you should also look through all places where goals are being used.
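
The encode-on-store and decode-in-API behaviour described in the comment above, as an added PHP example that is not part of this pull request or of Matomo's code. The function names and the sample goal name are hypothetical, and plain `htmlspecialchars()` stands in for Matomo's own sanitizing helpers.

```php
<?php
// Added illustration, not Matomo code. All function names are hypothetical
// stand-ins for the store layer, the API layer and two kinds of view code.

// Store layer: input is HTML-entity-encoded before it is written to the database.
function storeGoalName(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
}

// API before the change: the stored (already encoded) value is returned as-is.
function apiGetGoalNameOld(string $stored): string
{
    return $stored;
}

// API after the change: the stored value is decoded, so callers receive raw text.
function apiGetGoalNameNew(string $stored): string
{
    return htmlspecialchars_decode($stored, ENT_QUOTES);
}

// Sink that encodes for the HTML context, as an auto-escaping template does.
function renderEscaped(string $name): string
{
    return '<div class="tooltip">' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</div>';
}

// Sink that concatenates the value into markup without encoding.
function renderRaw(string $name): string
{
    return '<div class="tooltip">' . $name . '</div>';
}

$stored = storeGoalName('A&B <b>test</b>'); // constructed sample goal name

// Old API + escaping sink: encoded twice, so the page shows literal entities.
echo renderEscaped(apiGetGoalNameOld($stored)), PHP_EOL;
// Old API + raw sink: displayed correctly only because the store layer had encoded it.
echo renderRaw(apiGetGoalNameOld($stored)), PHP_EOL;
// New API + escaping sink: encoded exactly once, displays as the user typed it.
echo renderEscaped(apiGetGoalNameNew($stored)), PHP_EOL;
// New API + raw sink: markup in the name reaches the page, so this sink must now encode.
echo renderRaw(apiGetGoalNameNew($stored)), PHP_EOL;
```

The last case is why every place that prints a goal name has to be reviewed once the API returns decoded values: any sink that relied on the stored encoding loses its only protection.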

@MatomoForumNotifications commented on October 6th 2022

This pull request has been mentioned on Matomo forums. There might be relevant details there:

https://forum.matomo.org/t/warning-plugins-goals-api-php-117/47716/2

This Pull Request was closed on July 14th 2022