From def307010c388c4e92d7066671ad62e477cc087a Mon Sep 17 00:00:00 2001 From: James Cole Date: Mon, 15 Jul 2019 19:12:20 +0200 Subject: [PATCH] Fix #2335, attempt 2. --- .sandstorm/changelog.md | 2 +- .sandstorm/sandstorm-pkgdef.capnp | 2 +- .travis.yml | 2 +- app/Support/Twig/Extension/Transaction.php | 16 ++++++++-------- changelog.md | 2 +- config/firefly.php | 2 +- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.sandstorm/changelog.md b/.sandstorm/changelog.md index 6ffcc52bc5..13b38d665b 100644 --- a/.sandstorm/changelog.md +++ b/.sandstorm/changelog.md @@ -1,4 +1,4 @@ -# 4.7.17.1 (API 0.9.2) +# 4.7.17.2 (API 0.9.2) - XSS bug in budget title. # 4.7.17 (API 0.9.2) diff --git a/.sandstorm/sandstorm-pkgdef.capnp b/.sandstorm/sandstorm-pkgdef.capnp index d78701e8aa..cdec1b1794 100644 --- a/.sandstorm/sandstorm-pkgdef.capnp +++ b/.sandstorm/sandstorm-pkgdef.capnp @@ -16,7 +16,7 @@ const pkgdef :Spk.PackageDefinition = ( manifest = ( appTitle = (defaultText = "Firefly III"), appVersion = 28, - appMarketingVersion = (defaultText = "4.7.17.1"), + appMarketingVersion = (defaultText = "4.7.17.2"), actions = [ # Define your "new document" handlers here. diff --git a/.travis.yml b/.travis.yml index 0a9aa870af..6716f0f425 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,7 @@ sudo: required language: bash env: - - VERSION=4.7.17.1 + - VERSION=4.7.17.2 dist: xenial diff --git a/app/Support/Twig/Extension/Transaction.php b/app/Support/Twig/Extension/Transaction.php index 9137ee1e9f..8894eff09c 100644 --- a/app/Support/Twig/Extension/Transaction.php +++ b/app/Support/Twig/Extension/Transaction.php 
@@ -132,13 +132,13 @@ class Transaction extends Twig_Extension // journal has a budget: if (null !== $transaction->transaction_journal_budget_id) { $name = $transaction->transaction_journal_budget_name; - $txt = sprintf('%s', route('budgets.show', [$transaction->transaction_journal_budget_id]), $name, $name); + $txt = sprintf('%s', route('budgets.show', [$transaction->transaction_journal_budget_id]), e($name), e($name)); } // transaction has a budget if (null !== $transaction->transaction_budget_id && '' === $txt) { $name = $transaction->transaction_budget_name; - $txt = sprintf('%s', route('budgets.show', [$transaction->transaction_budget_id]), $name, $name); + $txt = sprintf('%s', route('budgets.show', [$transaction->transaction_budget_id]), e($name), e($name)); } if ('' === $txt) { @@ -150,7 +150,7 @@ class Transaction extends Twig_Extension if ($budgets->count() > 0) { $str = []; foreach ($budgets as $budget) { - $str[] = sprintf('%s', route('budgets.show', [$budget->id]), $budget->name, $budget->name); + $str[] = sprintf('%s', route('budgets.show', [$budget->id]), e($budget->name), e($budget->name)); } $txt = implode(', ', $str); } @@ -170,13 +170,13 @@ class Transaction extends Twig_Extension // journal has a category: if (null !== $transaction->transaction_journal_category_id) { $name = $transaction->transaction_journal_category_name; - $txt = sprintf('%s', route('categories.show', [$transaction->transaction_journal_category_id]), $name, $name); + $txt = sprintf('%s', route('categories.show', [$transaction->transaction_journal_category_id]), e($name), e($name)); } // transaction has a category: if (null !== $transaction->transaction_category_id && '' === $txt) { $name = $transaction->transaction_category_name; - $txt = sprintf('%s', route('categories.show', [$transaction->transaction_category_id]), $name, $name); + $txt = sprintf('%s', route('categories.show', [$transaction->transaction_category_id]), e($name), e($name)); } if ('' === $txt) { 
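Review bot: Escaping is applied by hand at each `sprintf` call in this hunk (`e($name), e($name)`), and the same pattern repeats in the hunks at 150, 170 and 188, so any call site added later can miss it; the subject line "attempt 2" suggests that has already happened once. Building these links in one private helper that takes the raw name and calls `e()` itself would make the escaped path the only path, e.g. `$txt = $this->namedLink(route('budgets.show', [$transaction->transaction_journal_budget_id]), $name);` (the helper name is only a suggestion). Short of that, a comment above each block such as `// name is user-supplied and the result is emitted as raw HTML, so it must pass through e()` would record why the call is required. Presumably the Twig function is registered as HTML-safe, which these hunks do not show, and the enclosing methods start and end outside them.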
@@ -188,7 +188,7 @@ class Transaction extends Twig_Extension if ($categories->count() > 0) { $str = []; foreach ($categories as $category) { - $str[] = sprintf('%s', route('categories.show', [$category->id]), $category->name, $category->name); + $str[] = sprintf('%s', route('categories.show', [$category->id]), e($category->name), e($category->name)); } $txt = implode(', ', $str); @@ -266,7 +266,7 @@ class Transaction extends Twig_Extension return $txt; } - $txt = sprintf('%1$s', e($name), route('accounts.show', [$transactionId]), $iban); + $txt = sprintf('%1$s', e($name), route('accounts.show', [$transactionId]), e($iban)); return $txt; } @@ -419,7 +419,7 @@ class Transaction extends Twig_Extension return $txt; } - $txt = sprintf('%1$s', e($name), route('accounts.show', [$transactionId]), $iban); + $txt = sprintf('%1$s', e($name), route('accounts.show', [$transactionId]), e($iban)); return $txt; } diff --git a/changelog.md b/changelog.md index 7a0b68b7b6..9ad4d37c3b 100644 --- a/changelog.md +++ b/changelog.md @@ -2,7 +2,7 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). -## [4.7.17.1 (API 0.9.2)] - 2019-07-15 +## [4.7.17.2 (API 0.9.2)] - 2019-07-15 - XSS bug in budget title. diff --git a/config/firefly.php b/config/firefly.php index bddb70e10c..9c481fe5f4 100644 --- a/config/firefly.php +++ b/config/firefly.php @@ -93,7 +93,7 @@ return [ 'is_demo_site' => false, ], 'encryption' => null === env('USE_ENCRYPTION') || env('USE_ENCRYPTION') === true, - 'version' => '4.7.17.1', + 'version' => '4.7.17.2', 'api_version' => '0.9.2', 'db_version' => 10, 'maxUploadSize' => 15242880,
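Review bot: Nothing in this commit pins the new escaping with a test. The diffstat lists six files and none is a test, so the `e($iban)` added in the hunks at 266 and 419, like the `e($name)` calls earlier in the file, could be dropped later without anything failing. A regression test would cover it by rendering a budget, a category and an account whose name or IBAN contains markup characters, then asserting the output carries the entity-encoded form. The format string as shown is `'%1$s'`, so where `$iban` is placed cannot be seen here; if it lands in an attribute, `e()` is sufficient only while that attribute value is quoted. Both method bodies start outside their hunks.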