Merge pull request #678 from th-h/master

Escape version string in update notifier.
2020-03-20 19:08:46 +01:00 · 2020-03-20 19:08:46 +01:00 · 2a58548bd3
commit 2a58548bd3
parent bf59bca988 98944d8b14
2 changed files with 4 additions and 2 deletions
--- a/docs/NEWS
+++ b/docs/NEWS
@ -1,6 +1,8 @@
 Version 2.4-alpha1 ()
 ------------------------------------------------------------------------
   * Fix: Escape version string in update notifier to avoid XSS.
   * Fix: Prevent renaming a ML object into an existing file,
          resulting in deletion of both from disk and database.
--- a/templates/2k11/admin/overview.inc.tpl
+++ b/templates/2k11/admin/overview.inc.tpl
@ -30,7 +30,7 @@
            <section id="dashboard_update">
                <h3>{$CONST.UPDATE_NOTIFICATION}</h3>
-                <span class="msg_notice"><span class="icon-info-circled" aria-hidden="true"></span> {$CONST.NEW_VERSION_AVAILABLE} {$curVersion}</span>
+                <span class="msg_notice"><span class="icon-info-circled" aria-hidden="true"></span> {$CONST.NEW_VERSION_AVAILABLE} {$curVersion|escape}</span>
                {$updateButton}
            </section>
            <hr class="separator">
@ -41,7 +41,7 @@
        <section id="dashboard_plugin_updates">
            <h3>{$CONST.UPDATE_NOTIFICATION}</h3>
-            <span class="msg_notice"><span class="icon-info-circled" aria-hidden="true"></span> {$pluginUpdates}</span>
+            <span class="msg_notice"><span class="icon-info-circled" aria-hidden="true"></span> {$pluginUpdates|escape}</span>
        </section>
        <hr class="separator">
    {/if}