Fix: XSS vulnerability in some module titles
fisharebest committed Sep 15, 2021
1 parent 698f970 commit a743d8a2f9a2ec24120e80ab37b2b699bcfc2694
Showing 3 changed files with 4 additions and 4 deletions.
@@ -108,7 +108,7 @@ public function getBlock(Tree $tree, int $block_id, string $context, array $conf
'block' => Str::kebab($this->name()),
'id' => $block_id,
'config_url' => $this->configUrl($tree, $context, $block_id),
'title' => $title,
'title' => e($title),
'content' => $content,
]);
}
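Review bot: Escaping `'title'` at the call site, here and in the two later `'title' => e(...)` changes, leaves the contract of the shared view undocumented, so the next module that passes a title can reintroduce the same XSS. The view presumably prints `title` as raw HTML (otherwise this fix would not be needed); a comment above the array such as `// 'title' is emitted unescaped by the view: pass escaped text only` would make that explicit. `$title` is assigned outside this hunk, so check that it holds plain text. If it already contains markup or escaped fragments, `e($title)` will show them literally. getBlock()'s body starts outside the hunk.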
@@ -117,7 +117,7 @@ public function getBlock(Tree $tree, int $block_id, string $context, array $conf
];
$content = view('modules/user_welcome/welcome', ['links' => $links]);

$real_name = '<bdi>' . e(Auth::user()->realName()) . '</bdi>';
$real_name = "\u{2068}" . e(Auth::user()->realName()) . "\u{2069}";

/* I18N: A %s is the user’s name */
$title = I18N::translate('Welcome %s', $real_name);
@@ -127,7 +127,7 @@ public function getBlock(Tree $tree, int $block_id, string $context, array $conf
'block' => Str::kebab($this->name()),
'id' => $block_id,
'config_url' => '',
'title' => $title,
'title' => e($title),
'content' => $content,
]);
}
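Review bot: The user's real name is now HTML-escaped twice: once by `e(Auth::user()->realName())` when `$real_name` is built and again by `'title' => e($title)`, assuming both hunks sit in the same getBlock() as the shared `$title` suggests. If `e()` wraps htmlspecialchars() with its default double-encoding, a name containing `&`, a quote or `<` would be displayed as literal entities such as `&amp;`. Escaping once at the output boundary is enough, so the assignment can become `$real_name = "\u{2068}" . Auth::user()->realName() . "\u{2069}";` while `e($title)` stays. getBlock()'s body starts outside these hunks, so any other use of `$real_name` as HTML would need checking.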
@@ -123,7 +123,7 @@ public function getBlock(Tree $tree, int $block_id, string $context, array $conf
'block' => Str::kebab($this->name()),
'id' => $block_id,
'config_url' => '',
'title' => $individual->tree()->title(),
'title' => e($individual->tree()->title()),
'content' => $content,
]);
}
