Fixed an XSS vulnerability
brandonkelly committed Oct 8, 2019
1 parent 476cb4a commit 0ee66d2
Showing 5 changed files with 12 additions and 9 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG-v3.md
Expand Up @@ -16,6 +16,9 @@
- Fixed a PHP error occurred when viewing the PHP Info utility if `register_argc_argv` was set to `On` in `php.ini`. ([#4878](https://github.com/craftcms/cms/issues/4878))
- Fixed a bug where the `resave/matrix-blocks` command would wittingly resave Matrix blocks even if they hadn’t been loaded with their content, resulting in lost content. ([#5030](https://github.com/craftcms/cms/issues/5030))

### Security
- Fixed an XSS vulnerability.

## 3.3.7 - 2019-10-03

### Changed
8 changes: 4 additions & 4 deletions src/web/assets/cp/dist/js/Craft.js
@@ -1,4 +1,4 @@
/*! - 2019-09-25 */
/*! - 2019-10-08 */
(function($){

/** global: Craft */
Expand Down Expand Up @@ -4952,10 +4952,10 @@ Craft.AdminTable = Garnish.Base.extend(
this.updateUI();
this.onDeleteItem(id);

Craft.cp.displayNotice(Craft.t('app', this.settings.deleteSuccessMessage, {name: Craft.escapeHtml(name)}));
Craft.cp.displayNotice(Craft.t('app', this.settings.deleteSuccessMessage, {name: name}));
}
else {
Craft.cp.displayError(Craft.t('app', this.settings.deleteFailMessage, {name: Craft.escapeHtml(name)}));
Craft.cp.displayError(Craft.t('app', this.settings.deleteFailMessage, {name: name}));
}
},

Expand All @@ -4972,7 +4972,7 @@ Craft.AdminTable = Garnish.Base.extend(
},

getItemName: function($row) {
return $row.attr(this.settings.nameAttribute);
return Craft.escapeHtml($row.attr(this.settings.nameAttribute));
},

updateUI: function() {
2 changes: 1 addition & 1 deletion src/web/assets/cp/dist/js/Craft.min.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion src/web/assets/cp/dist/js/Craft.min.js.map

Large diffs are not rendered by default.

6 changes: 3 additions & 3 deletions src/web/assets/cp/src/js/AdminTable.js
Expand Up @@ -135,10 +135,10 @@ Craft.AdminTable = Garnish.Base.extend(
this.updateUI();
this.onDeleteItem(id);

Craft.cp.displayNotice(Craft.t('app', this.settings.deleteSuccessMessage, {name: Craft.escapeHtml(name)}));
Craft.cp.displayNotice(Craft.t('app', this.settings.deleteSuccessMessage, {name: name}));
}
else {
Craft.cp.displayError(Craft.t('app', this.settings.deleteFailMessage, {name: Craft.escapeHtml(name)}));
Craft.cp.displayError(Craft.t('app', this.settings.deleteFailMessage, {name: name}));
}
},

Expand All @@ -155,7 +155,7 @@ Craft.AdminTable = Garnish.Base.extend(
},

getItemName: function($row) {
return $row.attr(this.settings.nameAttribute);
return Craft.escapeHtml($row.attr(this.settings.nameAttribute));
},

updateUI: function() {
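Review bot: getItemName() now returns an HTML-escaped string, and both display calls in the first hunk (displayNotice and displayError) pass `name` through without escaping, so the encoding contract lives in the getter with nothing on the page stating it. Since Craft.AdminTable is built with Garnish.Base.extend, any override of getItemName (none is visible here) would reach those two calls unescaped, and any caller outside these hunks that treats the name as plain text would show entities such as `&amp;`. I would add above the getter `// Returns the item name HTML-escaped; overrides must escape too, because callers no longer do.` and check the remaining callers of getItemName, which are outside the visible hunks. The same change is mirrored in dist/js/Craft.js.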
