-
When "context" is passed as a GET parameter, ensure that its values is a valid "Alphanumeric" type. This helps prevent XSS when the "context" value finds its way into templates that lack HTML output encoding. Replace... CRM_Utils_Request::retrieve\((['"])context\1,(\s*)(['"])String\3 ...with... CRM_Utils_Request::retrieve\($1context$1,$3Alphanumeric$3 Also search for the following and manually fix: \$_GET\[(['"])context\1\] \$_POST\[(['"])context\1\] \$_REQUEST\[(['"])context\1\]
edc80cda