MantisBT: master-2.28 d78b75a5

Author: dregad
Committer: dregad
Branch: master-2.28
Timestamp: 2026-04-11 15:58
Parent: master-2.28 8fc74f44
Affected Issues: 0037011: CVE-2026-40596: XSS leading to account takeover via updating a user's font family preference
Changeset

Abort updating preferences if font is unknown

Check that the font_family value exists in the list of available fonts
prior to updating the user's preference. If not, we throw an invalid
parameter Exception.

Fixes 0037011, GHSA-j3v9-553h-x28j

mod - account_prefs_update.php
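The commit message describes an allow-list check on the submitted font_family value that aborts the preference update when the value is unknown. The following PHP is an added illustration of that pattern and is not MantisBT's code (the diff itself is not reproduced on this page). It assumes a fixed list of font families offered by the UI, a rendering step that places the stored preference into a CSS font-family declaration, and plain `InvalidArgumentException` in place of whatever error mechanism the project uses; the allow-list, function names and sample inputs are all constructed for the example.

```php
<?php
// Added example, not MantisBT's own code. Assumes an allow-list of font
// families and a view that emits the preference inside a <style> block.
declare(strict_types=1);

// Constructed allow-list of the font families the UI offers.
const FONT_FAMILY_CHOICES = [
    'Open Sans', 'Roboto', 'Arial', 'Helvetica', 'Georgia', 'monospace',
];

/**
 * Validate a submitted font_family value against the allow-list.
 * Throwing (rather than silently falling back) aborts the whole
 * preference update, which is the behaviour the commit message describes.
 */
function validate_font_family(string $p_font_family): string {
    // Third argument true: strict comparison, no type juggling.
    if (!in_array($p_font_family, FONT_FAMILY_CHOICES, true)) {
        throw new InvalidArgumentException('font_family: unknown value');
    }
    return $p_font_family;
}

/**
 * "Before": the stored preference is interpolated into inline CSS as-is.
 * Any value containing "</style>" leaves the style context and lands in
 * the HTML document, which is how a preference field becomes stored XSS.
 */
function render_font_style_unchecked(string $p_font_family): string {
    return '<style>body { font-family: ' . $p_font_family . '; }</style>';
}

/**
 * "After": only an allow-listed value ever reaches the markup. Because the
 * emitted string is one of our own constants, no escaping question arises.
 */
function render_font_style_checked(string $p_font_family): string {
    return render_font_style_unchecked(validate_font_family($p_font_family));
}

// Constructed inputs: a legitimate choice and a tampered POST value.
$t_inputs = ['Roboto', 'x</style><script>alert(1)</script>'];

foreach ($t_inputs as $t_input) {
    try {
        echo render_font_style_checked($t_input), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        // The update is abandoned; nothing is written to the user's prefs.
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The point to carry over when reviewing the real change is the ordering: the check must run before any call that persists the preference, and it must be a strict membership test against the same list the UI renders, not a character filter, so that a value the form never offered cannot be stored regardless of how it is later output.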