I won't introduce the Magento XSS vulnerability here; a quick Baidu search turns it up everywhere.
Here is a simple record of how I handled it (fairly rough; whether it is effective has not been verified).
Edit the file
app/design/adminhtml/default/default/template/sales/order/view/info.phtml
Search for getCustomerEmail
There are two output calls.
Filter both with the htmlentities function, as follows:
<td class="value"><a href="mailto:<?php echo htmlentities($_order->getCustomerEmail()); ?>"><strong><?php echo htmlentities($_order->getCustomerEmail()); ?></strong></a></td>
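The escaping above as a stand-alone PHP script (an added example, not code from the original post or from Magento). The helper names esc_html and render_email_cell and the sample addresses are assumptions made for illustration; it passes ENT_QUOTES and UTF-8 to htmlentities explicitly and percent-encodes the value inside the mailto: link.

```php
<?php
// Added example, not from the original post. Stand-alone: no Magento classes needed.

// Escape for HTML text and for quoted attribute values.
// ENT_QUOTES also encodes single quotes; the charset is passed explicitly
// because PHP versions before 5.4 default to ISO-8859-1.
function esc_html($value)
{
    return htmlentities((string) $value, ENT_QUOTES, 'UTF-8');
}

// Hypothetical helper: builds the table cell that info.phtml prints.
function render_email_cell($email)
{
    // href context: percent-encode first (keeping the literal "@" that a
    // mailto: address needs), then HTML-escape the result.
    $encoded = str_replace('%40', '@', rawurlencode($email));
    $href = 'mailto:' . esc_html($encoded);

    return '<td class="value"><a href="' . $href . '"><strong>'
        . esc_html($email) . '</strong></a></td>';
}

// Constructed sample values: a normal address and one carrying markup.
$samples = array(
    'alice@example.com',
    '"><b>injected</b>"@example.com',
);

foreach ($samples as $email) {
    $cell = render_email_cell($email);
    // After escaping, the only tags left are the template's own.
    $ok = strpos($cell, '<b>') === false && substr_count($cell, '<a ') === 1;
    echo ($ok ? 'OK   ' : 'FAIL ') . $cell . "\n";
}
```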
PS: The main reason is that the cloud ECS kept flagging a security problem; after this change the annoying prompt is gone. As to whether the fix is actually effective, anyone who needs it can verify it for themselves; if it is not, criticism is welcome :)
This article is from the "Micro-desire for-micro-life" blog; reprinting is declined!
Magento < 1.9 XSS bug fix description