laminas-form

The Laminas\Form is intended primarily as a bridge between your domain models and the View Layer. It composes a thin layer of objects representing form elements, an InputFilter, and a small number of methods for binding data to and from the form and attached objects.

CVE-2022-23598 states that versions earlier than 2.7.14 are vulnerable, but that is not correct for at least version 2.6.0.

The problem in the CVE lies in missing HTML escaping when displaying error messages.

However, the function FormElementErrors::render() does HTML escaping in 2.6.0. This gets removed in version 2.12.0 and is added again in 2.14.2 as a bugfix for the CVE.

File issues at https://github.com/laminas/laminas-form/issues
Documentation is at https://docs.laminas.dev/laminas-form

Name		Name	Last commit message	Last commit date
Latest commit History 8,328 Commits
src		src
test		test
.coveralls.yml		.coveralls.yml
.gitattributes		.gitattributes
.gitignore		.gitignore
.php_cs		.php_cs
.travis.yml		.travis.yml
CHANGELOG.md		CHANGELOG.md
COPYRIGHT.md		COPYRIGHT.md
LICENSE.md		LICENSE.md
README.md		README.md
composer.json		composer.json
phpunit.xml.dist		phpunit.xml.dist

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

laminas-form

About

Uh oh!

Releases

Packages

Contributors 166

Uh oh!

Languages

License

bareos/laminas-form

Folders and files

Latest commit

History

Repository files navigation

laminas-form

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Contributors 166

Uh oh!

Languages

Packages