From b39d872035facb00918e61ca23b79bf7427b8358 Mon Sep 17 00:00:00 2001
From: Victor Boctor
Date: Mon, 19 Aug 2019 18:53:53 -0700
Subject: [PATCH 1/2] Update release to 2.21.2
---
 core/constant_inc.php | 2 +-
 docbook/Admin_Guide/en-US/Revision_History.xml | 14 ++++++++++++++
 .../Developers_Guide/en-US/Revision_History.xml | 14 ++++++++++++++
 3 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/core/constant_inc.php b/core/constant_inc.php
index 332357871c..bc847b5e49 100644
--- a/core/constant_inc.php
+++ b/core/constant_inc.php
@@ -21,7 +21,7 @@
 /**
 * Mantis Version
 */
-define( 'MANTIS_VERSION', '2.21.1' );
+define( 'MANTIS_VERSION', '2.21.2' );
 define( 'FILTER_VERSION', 'v9' );
 # --- constants -------------------
diff --git a/docbook/Admin_Guide/en-US/Revision_History.xml b/docbook/Admin_Guide/en-US/Revision_History.xml
index e8ca8cef35..b99baa7a6a 100644
--- a/docbook/Admin_Guide/en-US/Revision_History.xml
+++ b/docbook/Admin_Guide/en-US/Revision_History.xml
@@ -5,6 +5,20 @@
 Revision History
+
+ 2.21-2
+ Mon Aug 19 2019
+
+ Victor
+ Boctor
+ vboctor@mantisbt.org
+
+
+
+ Release 2.21.2
+
+
+
 2.21-1
 Thu Jun 13 2019
diff --git a/docbook/Developers_Guide/en-US/Revision_History.xml b/docbook/Developers_Guide/en-US/Revision_History.xml
index 7c85537015..8c605603db 100644
--- a/docbook/Developers_Guide/en-US/Revision_History.xml
+++ b/docbook/Developers_Guide/en-US/Revision_History.xml
@@ -7,6 +7,20 @@
 Revision History
+
+ 2.21-2
+ Mon Aug 19 2019
+
+ Victor
+ Boctor
+ vboctor@mantisbt.org
+
+
+
+ Release 2.21.2
+
+
+
 2.21-1
 Thu Jun 13 2019
From bd094dede74ff6e313e286e949e2387233a96eea Mon Sep 17 00:00:00 2001
From: Roland Becker
Date: Sun, 25 Aug 2019 11:52:41 +0200
Subject: [PATCH 2/2] Fix XSS on project documentation
Vulnerability in deprecated project documentation functionality ($g_enable_project_documentation), allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. Prevent the attack by sanitizing the filename before display.
Fixes #26078
---
 proj_doc_edit_page.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/proj_doc_edit_page.php b/proj_doc_edit_page.php
index 10287277c7..759bc1bd01 100644
--- a/proj_doc_edit_page.php
+++ b/proj_doc_edit_page.php
@@ -122,7 +122,7 @@ $t_href = '';
 echo $t_href;
 print_file_icon( $v_filename );
- echo ' ' . $t_href . file_get_display_name( $v_filename ) . '';
+ echo ' ' . $t_href . string_html_specialchars( file_get_display_name( $v_filename ) ) . '';
 ?>
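Review bot: The escaping on the `+` line covers only the display name, while the same raw `$v_filename` is still handed to `print_file_icon( $v_filename )` on the preceding context line and `$t_href` is echoed as-is two lines above; whether either of those paths escapes on its own is not visible in this hunk and should be confirmed, since the commit message attributes the issue to a crafted filename. If the icon helper renders the name into an attribute such as alt or title, that output needs attribute-context escaping rather than the HTML-text escaping applied here, so the check is per output context. A short why-comment would help keep the fix in place during later edits: `# $v_filename is user-supplied; escape for HTML text context before echoing`. The enclosing loop and page section begin before this hunk.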