Merge remote-tracking branch 'remotes/dev/1.3' into 1.3

CHANGELOG.md

@@ -1,3 +1,23 @@
+CHANGELOG for 1.3.2
+===================
+This changelog references the relevant changes (new features, changes and bugs) done in 1.3.2 versions.
+
+* 1.3.2 (2014-09-22)
+ * Stored XSS Vulnerability fixes
+    * added "|json_encode|raw" for values outputted in JS objects
+    * removed "|raw" from outputs of path in url attributes
+    * added "e('html_attr')|raw" when outputting html attributes
+    * removed mentions of "flexible entity" and unused code
+    * added validator for css field of embedded form, now if user will enter html tags in this field he will get an error message
+    * added stiptags filter for css of embedded forms
+    * changed translation message oro.entity_config.records_count.label to contain placeholder of records count and use UI.link macros in template instead of slicing str
+    * changed method of validation of emails on the client, old validation was working very slowly with some values like '"><img src=d onerror=confirm(/provensec/);>', n
+    * removed "trans|raw" where it's not required
+    * minor changes in templates to improve readability
+    * added Email validator for Lead
+    * fixed XSS vulnerability in Leads, Case Comments, Notes, Embedded forms, Emails, Business Units, Breadcrumbs
+    * fixed escaping of page title
+
 CHANGELOG for 1.3.1
 ===================
 This changelog references the relevant changes (new features, changes and bugs) done in 1.3.1 versions.

composer.json

@@ -22,7 +22,7 @@
     ],
     "require": {
         "php": ">=5.4.4",
-        "oro/platform": "1.3.x-dev"
+        "oro/platform": "1.3.*"
     },
     "minimum-stability": "dev",
     "prefer-stable": true,