Fix #2335, attempt 2.

2024-11-22 17:06:39 -06:00 · 2019-07-15 19:12:20 +02:00 · 2019-07-15 19:12:20 +02:00 · def307010c
commit def307010c
parent 45b8c36272
6 changed files with 13 additions and 13 deletions
--- a/.sandstorm/changelog.md
+++ b/.sandstorm/changelog.md
@ -1,4 +1,4 @@
-# 4.7.17.1 (API 0.9.2)
+# 4.7.17.2 (API 0.9.2)
 - XSS bug in budget title.

 # 4.7.17 (API 0.9.2)
--- a/.sandstorm/sandstorm-pkgdef.capnp
+++ b/.sandstorm/sandstorm-pkgdef.capnp
@ -16,7 +16,7 @@ const pkgdef :Spk.PackageDefinition = (
  manifest = (
    appTitle = (defaultText = "Firefly III"),
    appVersion = 28,
-    appMarketingVersion = (defaultText = "4.7.17.1"),
+    appMarketingVersion = (defaultText = "4.7.17.2"),

    actions = [
      # Define your "new document" handlers here.
--- a/.travis.yml
+++ b/.travis.yml
@ -1,7 +1,7 @@
 sudo: required
 language: bash
 env:
-  - VERSION=4.7.17.1
+  - VERSION=4.7.17.2

 dist: xenial

--- a/app/Support/Twig/Extension/Transaction.php
+++ b/app/Support/Twig/Extension/Transaction.php
@ -132,13 +132,13 @@ class Transaction extends Twig_Extension
        // journal has a budget:
        if (null !== $transaction->transaction_journal_budget_id) {
            $name = $transaction->transaction_journal_budget_name;
-            $txt  = sprintf('<a href="%s" title="%s">%s</a>', route('budgets.show', [$transaction->transaction_journal_budget_id]), $name, $name);
+            $txt  = sprintf('<a href="%s" title="%s">%s</a>', route('budgets.show', [$transaction->transaction_journal_budget_id]), e($name), e($name));
        }

        // transaction has a budget
        if (null !== $transaction->transaction_budget_id && '' === $txt) {
            $name = $transaction->transaction_budget_name;
-            $txt  = sprintf('<a href="%s" title="%s">%s</a>', route('budgets.show', [$transaction->transaction_budget_id]), $name, $name);
+            $txt  = sprintf('<a href="%s" title="%s">%s</a>', route('budgets.show', [$transaction->transaction_budget_id]), e($name), e($name));
        }

        if ('' === $txt) {
@ -150,7 +150,7 @@ class Transaction extends Twig_Extension
            if ($budgets->count() > 0) {
                $str = [];
                foreach ($budgets as $budget) {
-                    $str[] = sprintf('<a href="%s" title="%s">%s</a>', route('budgets.show', [$budget->id]), $budget->name, $budget->name);
+                    $str[] = sprintf('<a href="%s" title="%s">%s</a>', route('budgets.show', [$budget->id]), e($budget->name), e($budget->name));
                }
                $txt = implode(', ', $str);
            }
@ -170,13 +170,13 @@ class Transaction extends Twig_Extension
        // journal has a category:
        if (null !== $transaction->transaction_journal_category_id) {
            $name = $transaction->transaction_journal_category_name;
-            $txt  = sprintf('<a href="%s" title="%s">%s</a>', route('categories.show', [$transaction->transaction_journal_category_id]), $name, $name);
+            $txt  = sprintf('<a href="%s" title="%s">%s</a>', route('categories.show', [$transaction->transaction_journal_category_id]), e($name), e($name));
        }

        // transaction has a category:
        if (null !== $transaction->transaction_category_id && '' === $txt) {
            $name = $transaction->transaction_category_name;
-            $txt  = sprintf('<a href="%s" title="%s">%s</a>', route('categories.show', [$transaction->transaction_category_id]), $name, $name);
+            $txt  = sprintf('<a href="%s" title="%s">%s</a>', route('categories.show', [$transaction->transaction_category_id]), e($name), e($name));
        }

        if ('' === $txt) {
@ -188,7 +188,7 @@ class Transaction extends Twig_Extension
            if ($categories->count() > 0) {
                $str = [];
                foreach ($categories as $category) {
-                    $str[] = sprintf('<a href="%s" title="%s">%s</a>', route('categories.show', [$category->id]), $category->name, $category->name);
+                    $str[] = sprintf('<a href="%s" title="%s">%s</a>', route('categories.show', [$category->id]), e($category->name), e($category->name));
                }

                $txt = implode(', ', $str);
@ -266,7 +266,7 @@ class Transaction extends Twig_Extension
            return $txt;
        }

-        $txt = sprintf('<a title="%3$s" href="%2$s">%1$s</a>', e($name), route('accounts.show', [$transactionId]), $iban);
+        $txt = sprintf('<a title="%3$s" href="%2$s">%1$s</a>', e($name), route('accounts.show', [$transactionId]), e($iban));

        return $txt;
    }
@ -419,7 +419,7 @@ class Transaction extends Twig_Extension
            return $txt;
        }

-        $txt = sprintf('<a title="%3$s" href="%2$s">%1$s</a>', e($name), route('accounts.show', [$transactionId]), $iban);
+        $txt = sprintf('<a title="%3$s" href="%2$s">%1$s</a>', e($name), route('accounts.show', [$transactionId]), e($iban));

        return $txt;
    }
--- a/changelog.md
+++ b/changelog.md
@ -2,7 +2,7 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).

-## [4.7.17.1 (API 0.9.2)] - 2019-07-15
+## [4.7.17.2 (API 0.9.2)] - 2019-07-15

 - XSS bug in budget title.

--- a/config/firefly.php
+++ b/config/firefly.php
@ -93,7 +93,7 @@ return [
        'is_demo_site'     => false,
    ],
    'encryption'                   => null === env('USE_ENCRYPTION') || env('USE_ENCRYPTION') === true,
-    'version'                      => '4.7.17.1',
+    'version'                      => '4.7.17.2',
    'api_version'                  => '0.9.2',
    'db_version'                   => 10,
    'maxUploadSize'                => 15242880,