
Commit b6f8a54

committed
Merge remote-tracking branch 'basercms-GHSA-395x-wv32-44v5/advisory-fix-1' into dev-4
2 parents ed3dae0 + 19d075b commit b6f8a54


10 files changed

+10
-10
lines changed


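old mode 100644
new mode 100755
--- a/app/webroot/theme/admin-third/Elements/admin/dblogs/index_row.php
+++ b/app/webroot/theme/admin-third/Elements/admin/dblogs/index_row.php
@@ -22,7 +22,7 @@ class="bca-table-listup__tbody-td"
 <?= Hash::get($row, 'Dblog.id') ?>
 </td>
 <td class="bca-table-listup__tbody-td">
-<?= Hash::get($row, 'Dblog.name') ?>
+<?= h(Hash::get($row, 'Dblog.name')) ?>
 </td>
 <td class="bca-table-listup__tbody-td">
 <?php if ($row['Dblog']['user_id']): ?>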
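Review bot: The mode cell for this file reads 100644 followed by 100755, so the commit appears to set the executable bit on a view template under app/webroot alongside a one-line escaping change. Nothing in the hunk requires the file to be executable, and the matching change to lib/Baser/View/Elements/admin/dblogs/index_row.php carries no mode change, so this looks accidental. Restoring 100644 keeps the permissions on files inside the web root minimal.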

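--- a/app/webroot/theme/admin-third/Elements/admin/favorite_menu_row.php
+++ b/app/webroot/theme/admin-third/Elements/admin/favorite_menu_row.php
@@ -21,7 +21,7 @@
 <?php $this->BcBaser->link(
 '<span class="bca-nav-favorite-list-item-label">' . h($favorite['Favorite']['name']) . '</span>',
 $favorite['Favorite']['url'],
-['title' => Router::url($favorite['Favorite']['url'], true)]
+['title' => h(Router::url($favorite['Favorite']['url'], true))]
 ) ?>
 <?php echo $this->BcForm->input('Favorite.id.' . $favorite['Favorite']['id'], ['type' => 'hidden', 'value' => $favorite['Favorite']['id'], 'class' => 'favorite-id']) ?>
 <?php echo $this->BcForm->input('Favorite.name.' . $favorite['Favorite']['id'], ['type' => 'hidden', 'value' => $favorite['Favorite']['name'], 'class' => 'favorite-name']) ?>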
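Review bot: Escaping the `title` attribute does not cover the link target: the same stored `$favorite['Favorite']['url']` is passed unmodified as the second argument of `$this->BcBaser->link(...)` on the line above, and HTML-encoding would not constrain its scheme in any case. If the Favorite model does not already restrict saved URLs to site-relative paths or http(s), that check belongs at save time rather than in the template; this cannot be confirmed from the hunk. The hidden `Favorite.name` input below also receives the raw name, which is safe only if `BcForm->input` escapes `value` by default, as the CakePHP FormHelper does. The same applies to lib/Baser/View/Elements/admin/favorite_menu_row.php.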

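--- a/app/webroot/theme/admin-third/Elements/admin/permissions/index_row.php
+++ b/app/webroot/theme/admin-third/Elements/admin/permissions/index_row.php
@@ -39,7 +39,7 @@
 <td class="bca-table-listup__tbody-td">
 <?php $this->BcBaser->link($data['Permission']['name'], ['action' => 'edit', $this->request->params['pass'][0], $data['Permission']['id']], ['escape' => true]) ?>
 <br>
-<?php echo $data['Permission']['url']; ?>
+<?php echo h($data['Permission']['url']); ?>
 </td>
 <td class="bca-table-listup__tbody-td"><?php echo $this->BcText->arrayValue($data['Permission']['auth'], [0 => '×', 1 => '']) ?></td>
 <?php echo $this->BcListTable->dispatchShowRow($data) ?>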

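--- a/app/webroot/theme/admin-third/Permissions/admin/form.php
+++ b/app/webroot/theme/admin-third/Permissions/admin/form.php
@@ -30,7 +30,7 @@
 <th class="col-head bca-form-table__label"><?php echo $this->BcForm->label('Permission.user_group_id', __d('baser', 'ユーザーグループ')) ?></th>
 <td class="col-input bca-form-table__input">
 <?php $userGroups = $this->BcForm->getControlSource('user_group_id') ?>
-<?php echo $userGroups[$this->BcForm->value('Permission.user_group_id')] ?>
+<?php echo h($userGroups[$this->BcForm->value('Permission.user_group_id')]) ?>
 <?php echo $this->BcForm->input('Permission.user_group_id', ['type' => 'hidden']) ?>
 </td>
 </tr>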
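Review bot: The lookup `$userGroups[$this->BcForm->value('Permission.user_group_id')]` on the changed line is still an unguarded array index, so a missing or stale group id raises an undefined-index notice and passes null to h(). Users/admin/form.php in this same commit resolves the label through `$this->BcText->arrayValue(...)`, and using that helper here would make the two forms consistent, assuming it tolerates missing keys (its body is not shown): `<?php echo h($this->BcText->arrayValue($this->BcForm->value('Permission.user_group_id'), $userGroups)) ?>`. The same line appears in lib/Baser/View/Permissions/admin/form.php.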

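--- a/app/webroot/theme/admin-third/Users/admin/form.php
+++ b/app/webroot/theme/admin-third/Users/admin/form.php
@@ -100,7 +100,7 @@ class="helptext"><?php echo __d('baser', 'ニックネームを設定してい
 <div id="helptextUserGroupId"
 class="helptext"><?php echo sprintf(__d('baser', 'ユーザーグループごとにコンテンツへのアクセス制限をかける場合などには%sより新しいグループを追加しアクセス制限の設定をおこないます。'), $this->BcBaser->getLink(__d('baser', 'ユーザーグループ管理'), ['controller' => 'user_groups', 'action' => 'index'])) ?></div>
 <?php else: ?>
-<?php echo $this->BcText->arrayValue($this->request->data['User']['user_group_id'], $userGroups) ?>
+<?php echo h($this->BcText->arrayValue($this->request->data['User']['user_group_id'], $userGroups)) ?>
 <?php echo $this->BcForm->input('User.user_group_id', ['type' => 'hidden']) ?>
 <?php endif ?>
 </td>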

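--- a/lib/Baser/View/Elements/admin/dblogs/index_row.php
+++ b/lib/Baser/View/Elements/admin/dblogs/index_row.php
@@ -22,7 +22,7 @@ class="bca-table-listup__tbody-td"
 <?= Hash::get($row, 'Dblog.id') ?>
 </td>
 <td class="bca-table-listup__tbody-td">
-<?= Hash::get($row, 'Dblog.name') ?>
+<?= h(Hash::get($row, 'Dblog.name')) ?>
 </td>
 <td class="bca-table-listup__tbody-td">
 <?php if ($row['Dblog']['user_id']): ?>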

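--- a/lib/Baser/View/Elements/admin/favorite_menu_row.php
+++ b/lib/Baser/View/Elements/admin/favorite_menu_row.php
@@ -18,7 +18,7 @@
 
 <li id="FavoriteRow<?php echo h($favorite['Favorite']['name']) ?>">
 <?php $favorite['Favorite']['url'] = preg_replace('/^\/admin\//', '/' . BcUtil::getAdminPrefix() . '/', $favorite['Favorite']['url']) ?>
-<?php $this->BcBaser->link(h($favorite['Favorite']['name']), $favorite['Favorite']['url'], ['title' => Router::url($favorite['Favorite']['url'], true)]) ?>
+<?php $this->BcBaser->link(h($favorite['Favorite']['name']), $favorite['Favorite']['url'], ['title' => h(Router::url($favorite['Favorite']['url']), true)]) ?>
 <?php echo $this->BcForm->input('Favorite.id.' . $favorite['Favorite']['id'], ['type' => 'hidden', 'value' => $favorite['Favorite']['id'], 'class' => 'favorite-id']) ?>
 <?php echo $this->BcForm->input('Favorite.name.' . $favorite['Favorite']['id'], ['type' => 'hidden', 'value' => $favorite['Favorite']['name'], 'class' => 'favorite-name']) ?>
 <?php echo $this->BcForm->input('Favorite.url.' . $favorite['Favorite']['id'], ['type' => 'hidden', 'value' => $favorite['Favorite']['url'], 'class' => 'favorite-url']) ?>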
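Review bot: The closing parenthesis on the new line 21 is misplaced: `h(Router::url($favorite['Favorite']['url']), true)` passes `true` to h() instead of to Router::url(), so the title is no longer built as a full URL as it was before the change. In CakePHP 2 the second parameter of h() is the double-encode flag, so the value is still escaped, but the behaviour now differs from the admin-third copy of this element, where the parenthesis is in the right place. The option should read `['title' => h(Router::url($favorite['Favorite']['url'], true))]`.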

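--- a/lib/Baser/View/Elements/admin/permissions/index_row.php
+++ b/lib/Baser/View/Elements/admin/permissions/index_row.php
@@ -43,7 +43,7 @@ class="sort-handle"><?php $this->BcBaser->img('admin/sort.png', ['alt' => __d('b
 <td style="width:55%">
 <?php $this->BcBaser->link($data['Permission']['name'], ['action' => 'edit', $this->request->params['pass'][0], $data['Permission']['id']], ['escape' => true]); ?>
 <br/>
-<?php echo $data['Permission']['url']; ?>
+<?php echo h($data['Permission']['url']); ?>
 </td>
 <td style="width:10%"
 class="align-center"><?php echo $this->BcText->arrayValue($data['Permission']['auth'], [0 => '×', 1 => '']) ?></td>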

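--- a/lib/Baser/View/Permissions/admin/form.php
+++ b/lib/Baser/View/Permissions/admin/form.php
@@ -30,7 +30,7 @@
 <th class="col-head"><?php echo $this->BcForm->label('Permission.user_group_id', __d('baser', 'ユーザーグループ')) ?></th>
 <td class="col-input">
 <?php $userGroups = $this->BcForm->getControlSource('user_group_id') ?>
-<?php echo $userGroups[$this->BcForm->value('Permission.user_group_id')] ?>
+<?php echo h($userGroups[$this->BcForm->value('Permission.user_group_id')]) ?>
 <?php echo $this->BcForm->input('Permission.user_group_id', ['type' => 'hidden']) ?>
 </td>
 </tr>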

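--- a/lib/Baser/View/Users/admin/form.php
+++ b/lib/Baser/View/Users/admin/form.php
@@ -99,7 +99,7 @@ class="helptext"><?php echo __d('baser', 'ニックネームを設定してい
 <div id="helptextUserGroupId"
 class="helptext"> <?php echo sprintf(__d('baser', 'ユーザーグループごとにコンテンツへのアクセス制限をかける場合などには%sより新しいグループを追加しアクセス制限の設定をおこないます。'), $this->BcBaser->getLink(__d('baser', 'ユーザーグループ管理'), ['controller' => 'user_groups', 'action' => 'index'])) ?></div>
 <?php else: ?>
-<?php echo $this->BcText->arrayValue($this->request->data['User']['user_group_id'], $userGroups) ?>
+<?php echo h($this->BcText->arrayValue($this->request->data['User']['user_group_id'], $userGroups)) ?>
 <?php echo $this->BcForm->input('User.user_group_id', ['type' => 'hidden']) ?>
 <?php endif ?>
 </td>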
