Global navigation

   Documentation Center
   eZ Studio & eZ Platform
     User Manual
     Technical Manual
   eZ Publish 4.x / legacy

eZ Publish (5.x)

eZ Publish 5.x | For eZ Platform & eZ Studio topics see Technical manual and User manual, for eZ Publish 4.x and Legacy topics see eZ Publish legacy

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: ref. EZP-26840


Note that the naming scheme change introduced by this feature isn't enabled by default on 5.4.x. An alternative purge process has been implemented, that takes much more time, but is compatible with the existing format. More technical information can be found on the pull-request.


titleCode injection in image EXIF

EXIF metadata of an image may contain e.g. HTML, JavaScript, or PHP code. eZ Platform is itself does not parse EXIF metadata, but third-party bundles need to be secured against this eventuality. Images should be treated like any other user-submitted data - make sure the metadata is properly escaped before use.