Fix XSS from image comment exif field (#598)

2019-04-27 12:56:31 +02:00 · 2019-04-27 12:56:31 +02:00 · eda8f71065
commit eda8f71065
parent 57bb0b1e9a
2 changed files with 4 additions and 1 deletions
--- a/docs/NEWS
+++ b/docs/NEWS
@ -1,6 +1,9 @@

 Version 2.2.1-alpha2 ()
 ------------------------------------------------------------------------
+    * Security: Fix XSS in Editor Preview by interpreted EXIF tags
+                (thanks @hannob!)
+
    * Security: Fix XSS in Media Library by interpreted EXIF tags
                (thanks @hannob!)    

--- a/templates/2k11/admin/media_choose.tpl
+++ b/templates/2k11/admin/media_choose.tpl
@ -137,7 +137,7 @@

                <div id="image_comment" class="form_area">
                    <label for="serendipity_imagecomment">{$CONST.COMMENT}</label>
-                    <textarea id="serendipity_imagecomment" name="serendipity[imagecomment]" rows="5">{$media.file.props.base_property.COMMENT1|escape}</textarea>
+                    <textarea id="serendipity_imagecomment" name="serendipity[imagecomment]" rows="5">{$media.file.props.base_property.COMMENT1|escape|escape}</textarea>
                    {serendipity_hookPlugin hookAll=true hook='frontend_image_selector_imagecomment' eventData=$media.file}
                </div>