Addressed stored XSS vulnerability when displaying primary group name.
anuko committed Feb 23, 2022
1 parent bb7d08f commit 6aaad31
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion WEB-INF/lib/ttUser.class.php
Expand Up @@ -834,7 +834,7 @@ function getUserPartForHeader() {
$user_part .= ', <span class="onBehalf">'.htmlspecialchars($this->behalf_group_name).'</span>';
} else {
if ($this->group_name) // Note: we did not require group names in the past.
$user_part .= ', '.$this->group_name;
$user_part .= ', '.htmlspecialchars($this->group_name);
}
return $user_part;
}
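Review bot: The new `htmlspecialchars($this->group_name)` call relies on the default flags, which before PHP 8.1 are `ENT_COMPAT` and leave single quotes unescaped, so it is sufficient only while the header string is emitted as element text. Passing the flags explicitly makes the escaping independent of the PHP version: `$user_part .= ', '.htmlspecialchars($this->group_name, ENT_QUOTES | ENT_SUBSTITUTE);`, and the same applies to the `behalf_group_name` call a few lines above. getUserPartForHeader() starts outside the hunk, so the values appended to `$user_part` earlier cannot be checked from here. Because the group name is stored data, any other template or page that renders it presumably needs the same output escaping; a short comment on this line saying that the group name is user-supplied and escaped at output would help keep that visible.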
2 changes: 1 addition & 1 deletion initialize.php
Expand Up @@ -12,7 +12,7 @@
// Disable displaying errors on screen.
ini_set('display_errors', 'Off');

define("APP_VERSION", "1.20.0.5645");
define("APP_VERSION", "1.20.0.5646");
define("APP_DIR", dirname(__FILE__));
define("LIBRARY_DIR", APP_DIR."/WEB-INF/lib");
define("TEMPLATE_DIR", APP_DIR."/WEB-INF/templates");