MDL-62947 core_form: fix remote code execution exploit in QuickForms