Fix #2335, attempt 2.
parent
45b8c36272
commit
def307010c
@ -1,4 +1,4 @@
|
||||
# 4.7.17.1 (API 0.9.2)
|
||||
# 4.7.17.2 (API 0.9.2)
|
||||
- XSS bug in budget title.
|
||||
|
||||
# 4.7.17 (API 0.9.2)
|
||||
|
@ -16,7 +16,7 @@ const pkgdef :Spk.PackageDefinition = (
|
||||
manifest = (
|
||||
appTitle = (defaultText = "Firefly III"),
|
||||
appVersion = 28,
|
||||
appMarketingVersion = (defaultText = "4.7.17.1"),
|
||||
appMarketingVersion = (defaultText = "4.7.17.2"),
|
||||
|
||||
actions = [
|
||||
# Define your "new document" handlers here.
|
||||
|
@ -1,7 +1,7 @@
|
||||
sudo: required
|
||||
language: bash
|
||||
env:
|
||||
- VERSION=4.7.17.1
|
||||
- VERSION=4.7.17.2
|
||||
|
||||
dist: xenial
|
||||
|
||||
|
@ -132,13 +132,13 @@ class Transaction extends Twig_Extension
|
||||
// journal has a budget:
|
||||
if (null !== $transaction->transaction_journal_budget_id) {
|
||||
$name = $transaction->transaction_journal_budget_name;
|
||||
$txt = sprintf('<a href="%s" title="%s">%s</a>', route('budgets.show', [$transaction->transaction_journal_budget_id]), $name, $name);
|
||||
$txt = sprintf('<a href="%s" title="%s">%s</a>', route('budgets.show', [$transaction->transaction_journal_budget_id]), e($name), e($name));
|
||||
}
|
||||
|
||||
// transaction has a budget
|
||||
if (null !== $transaction->transaction_budget_id && '' === $txt) {
|
||||
$name = $transaction->transaction_budget_name;
|
||||
$txt = sprintf('<a href="%s" title="%s">%s</a>', route('budgets.show', [$transaction->transaction_budget_id]), $name, $name);
|
||||
$txt = sprintf('<a href="%s" title="%s">%s</a>', route('budgets.show', [$transaction->transaction_budget_id]), e($name), e($name));
|
||||
}
|
||||
|
||||
if ('' === $txt) {
|
||||
@ -150,7 +150,7 @@ class Transaction extends Twig_Extension
|
||||
if ($budgets->count() > 0) {
|
||||
$str = [];
|
||||
foreach ($budgets as $budget) {
|
||||
$str[] = sprintf('<a href="%s" title="%s">%s</a>', route('budgets.show', [$budget->id]), $budget->name, $budget->name);
|
||||
$str[] = sprintf('<a href="%s" title="%s">%s</a>', route('budgets.show', [$budget->id]), e($budget->name), e($budget->name));
|
||||
}
|
||||
$txt = implode(', ', $str);
|
||||
}
|
||||
@ -170,13 +170,13 @@ class Transaction extends Twig_Extension
|
||||
// journal has a category:
|
||||
if (null !== $transaction->transaction_journal_category_id) {
|
||||
$name = $transaction->transaction_journal_category_name;
|
||||
$txt = sprintf('<a href="%s" title="%s">%s</a>', route('categories.show', [$transaction->transaction_journal_category_id]), $name, $name);
|
||||
$txt = sprintf('<a href="%s" title="%s">%s</a>', route('categories.show', [$transaction->transaction_journal_category_id]), e($name), e($name));
|
||||
}
|
||||
|
||||
// transaction has a category:
|
||||
if (null !== $transaction->transaction_category_id && '' === $txt) {
|
||||
$name = $transaction->transaction_category_name;
|
||||
$txt = sprintf('<a href="%s" title="%s">%s</a>', route('categories.show', [$transaction->transaction_category_id]), $name, $name);
|
||||
$txt = sprintf('<a href="%s" title="%s">%s</a>', route('categories.show', [$transaction->transaction_category_id]), e($name), e($name));
|
||||
}
|
||||
|
||||
if ('' === $txt) {
|
||||
@ -188,7 +188,7 @@ class Transaction extends Twig_Extension
|
||||
if ($categories->count() > 0) {
|
||||
$str = [];
|
||||
foreach ($categories as $category) {
|
||||
$str[] = sprintf('<a href="%s" title="%s">%s</a>', route('categories.show', [$category->id]), $category->name, $category->name);
|
||||
$str[] = sprintf('<a href="%s" title="%s">%s</a>', route('categories.show', [$category->id]), e($category->name), e($category->name));
|
||||
}
|
||||
|
||||
$txt = implode(', ', $str);
|
||||
@ -266,7 +266,7 @@ class Transaction extends Twig_Extension
|
||||
return $txt;
|
||||
}
|
||||
|
||||
$txt = sprintf('<a title="%3$s" href="%2$s">%1$s</a>', e($name), route('accounts.show', [$transactionId]), $iban);
|
||||
$txt = sprintf('<a title="%3$s" href="%2$s">%1$s</a>', e($name), route('accounts.show', [$transactionId]), e($iban));
|
||||
|
||||
return $txt;
|
||||
}
|
||||
@ -419,7 +419,7 @@ class Transaction extends Twig_Extension
|
||||
return $txt;
|
||||
}
|
||||
|
||||
$txt = sprintf('<a title="%3$s" href="%2$s">%1$s</a>', e($name), route('accounts.show', [$transactionId]), $iban);
|
||||
$txt = sprintf('<a title="%3$s" href="%2$s">%1$s</a>', e($name), route('accounts.show', [$transactionId]), e($iban));
|
||||
|
||||
return $txt;
|
||||
}
|
||||
|
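Review bot: The budget and category anchors repeat `sprintf('<a href="%s" title="%s">%s</a>', …)` six times with `e()` applied by hand to each name argument, so output encoding still depends on every call site remembering it, and the commit title says this is already the second attempt at the same fix. Moving the encoding into one private helper that escapes the URL, the title and the label, and calling it from these branches and from the two `accounts.show` anchors, would give a single place to audit. The `route()` result is written into `href` unescaped; that is presumably safe because the ids look numeric, but escaping it inside the helper costs nothing. The enclosing methods start and end outside these hunks, so whether they are static is not visible; the sketch below assumes instance methods. No test is visible in this commit that pins a budget or category name containing markup being rendered as text.

```php
/**
 * Build an anchor in which the URL, the title attribute and the label
 * are all HTML-escaped, so callers pass raw values only.
 */
private function escapedLink(string $url, ?string $label, ?string $title = null): string
{
    $label = (string) $label;

    return sprintf('<a href="%s" title="%s">%s</a>', e($url), e($title ?? $label), e($label));
}

// journal has a budget:
if (null !== $transaction->transaction_journal_budget_id) {
    $txt = $this->escapedLink(
        route('budgets.show', [$transaction->transaction_journal_budget_id]),
        $transaction->transaction_journal_budget_name
    );
}
// … unchanged: remaining budget, category and account branches, each switched to escapedLink() …
```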
@ -2,7 +2,7 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
This project adheres to [Semantic Versioning](http://semver.org/).
|
||||
|
||||
## [4.7.17.1 (API 0.9.2)] - 2019-07-15
|
||||
## [4.7.17.2 (API 0.9.2)] - 2019-07-15
|
||||
|
||||
- XSS bug in budget title.
|
||||
|
||||
|
@ -93,7 +93,7 @@ return [
|
||||
'is_demo_site' => false,
|
||||
],
|
||||
'encryption' => null === env('USE_ENCRYPTION') || env('USE_ENCRYPTION') === true,
|
||||
'version' => '4.7.17.1',
|
||||
'version' => '4.7.17.2',
|
||||
'api_version' => '0.9.2',
|
||||
'db_version' => 10,
|
||||
'maxUploadSize' => 15242880,
|
||||
|