[Php-blog-plugin-cvs] additional_plugins/serendipity_event_freetag ChangeLog, 1.43, 1.44 serendipit
From: Garvin H. <gar...@us...> - 2011-05-30 20:25:26
Update of /cvsroot/php-blog/additional_plugins/serendipity_event_freetag In directory vz-cvs-2.sog:/tmp/cvs-serv20438 Modified Files: ChangeLog serendipity_event_freetag.php Log Message: SSCHADV2011-004 Index: ChangeLog =================================================================== RCS file: /cvsroot/php-blog/additional_plugins/serendipity_event_freetag/ChangeLog,v retrieving revision 1.43 retrieving revision 1.44 diff -u -d -r1.43 -r1.44 --- ChangeLog 9 May 2011 08:19:30 -0000 1.43 +++ ChangeLog 30 May 2011 20:25:24 -0000 1.44 @@ -1,3 +1,8 @@ +3.22: +----- + +Fix possible XSS, reported by Stefan Schurtz (SSCHADV2011-004) + 3.21: ----- Index: serendipity_event_freetag.php =================================================================== RCS file: /cvsroot/php-blog/additional_plugins/serendipity_event_freetag/serendipity_event_freetag.php,v retrieving revision 1.148 retrieving revision 1.149 diff -u -d -r1.148 -r1.149 --- serendipity_event_freetag.php 9 May 2011 08:19:30 -0000 1.148 +++ serendipity_event_freetag.php 30 May 2011 20:25:24 -0000 1.149 @@ -70,7 +70,7 @@ 'smarty' => '2.6.7', 'php' => '4.1.0' )); - $propbag->add('version', '3.21'); + $propbag->add('version', '3.22'); $propbag->add('event_hooks', array( 'frontend_fetchentries' => true, 'frontend_fetchentry' => true, @@ -1261,7 +1261,7 @@ global $serendipity; $tags = $this->getTagCloudTags($tag); - $serendipity['smarty']->assign('freetag_tagTitle', is_array($this->displayTag) ? implode(' + ',$this->displayTag) : $this->displayTag); + $serendipity['smarty']->assign('freetag_tagTitle', htmlspecialchars(is_array($this->displayTag) ? implode(' + ',$this->displayTag) : $this->displayTag)); if (!empty($tags)) { $serendipity['smarty']->assign('freetag_hasTags', true); |
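Review bot: The new 3.22 ChangeLog entry in the @@ -1,3 +1,8 @@ hunk says only "Fix possible XSS" and does not name the output that was affected. Naming the template variable touched by this commit (freetag_tagTitle, which is built from displayTag) would let site owners with customised templates judge whether their own markup needs review, and would make the entry searchable alongside the SSCHADV2011-004 reference.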
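Review bot: In the @@ -1261,7 +1261,7 @@ hunk of serendipity_event_freetag.php, the added htmlspecialchars() call passes no flags and no charset argument. On the PHP versions this plugin declares support for ('php' => '4.1.0' in the context of the previous hunk) the default flag is ENT_COMPAT, which encodes double quotes but leaves single quotes untouched, so the value is safe as element content but not inside a single-quoted attribute if a template ever places freetag_tagTitle there. Suggest passing ENT_QUOTES and the blog's configured charset explicitly, so the encoding does not depend on PHP defaults. Because the value is now escaped at assign time, a short comment on this line stating that freetag_tagTitle reaches Smarty already encoded would also help template authors avoid applying an escape modifier a second time and double-encoding the title.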