This is a follow-up to https://www.drupal.org/sa-contrib-2022-034, where we identified that the same vulnerability does not exist in Backdrop core. We would like to include the same sanitization tests, so that we can continue to test sanitization against any future changes to link handling.
GitHub Issue #:
5613
Recent comments
This was tricky, so i tried to stay minimal and try to snatch the very first procedure after file upload and inject rehashing there. The file is tinymce.pages.inc under the function...
File hashing uploads made through TinyMCE
Bee's great. But if you don't want to install bee, or can't, or you already have a bunch of scripts you're used to using in D7, then the method I posted is quick and easy and all you really...
How to create a command-line (cli) routine or script (bee not required)
Or you can install bee, get the benefit of all the included functions and either include your script using: bee php-script ../my-scripts/scratch.php https://github.com/backdrop-...
How to create a command-line (cli) routine or script (bee not required)