Release 1.1.3

humhub-contrib · Jan 8, 2024 · 4bca07f · 4bca07f
1 parent 9077f70
commit 4bca07f
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 5 deletions.
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -1,7 +1,11 @@
 Changelog
 =========
 
-1.1.2 (January 6, 2024)
+1.1.3 (January 8, 2024)
+----------------------
+- Fix: Missing Twig SecurityPolicy rule
+
+- 1.1.2 (January 6, 2024)
 ----------------------
 - Enh: Added Twig SecurityPolicy
 

diff --git a/module.json b/module.json
@@ -3,7 +3,7 @@
   "name": "Virtual Card Popover",
   "description": "Shows a virtual business card displaying brief information about the user when hovering over a user's profile picture or name",
   "keywords": ["business card, popover, hover, profile information"],
-  "version": "1.1.2",
+  "version": "1.1.3",
   "humhub": {
     "minVersion": "1.12"
   },

diff --git a/widgets/VCardSpace.php b/widgets/VCardSpace.php
@@ -44,7 +44,7 @@ public function run()
         $memberCount = Membership::getSpaceMembersQuery($this->space)->count();
 
         $twig = new Environment(new ArrayLoader());
-        $twig->addExtension(new SandboxExtension(new SecurityPolicy(['if', 'for'], ['escape']), true));
+        $twig->addExtension(new SandboxExtension(new SecurityPolicy(['if', 'for'], ['escape', 'e']), true));
 
         $templateParams = ['space' => $this->space, 'memberCount' => $memberCount];
 

diff --git a/widgets/VCardUser.php b/widgets/VCardUser.php
@@ -9,6 +9,7 @@
 
 use humhub\components\Widget;
 use humhub\modules\popovervcard\Module;
+use humhub\modules\user\models\Profile;
 use Twig\Environment;
 use Twig\Error\LoaderError;
 use Twig\Error\RuntimeError;
@@ -33,14 +34,14 @@ public function run()
         $module = Yii::$app->getModule('popover-vcard');
 
         $twig = new Environment(new ArrayLoader());
-        $twig->addExtension(new SandboxExtension(new SecurityPolicy(['if', 'for'], ['escape']), true));
+        $twig->addExtension(new SandboxExtension(new SecurityPolicy(['if', 'for'], ['escape', 'e'], [Profile::class => 'about']), true));
 
         $templateParams = ['user' => $this->user, 'profile' => $this->user->profile];
 
         try {
             $description = $twig->createTemplate($module->getConfiguration()->userContent)
                 ->render($templateParams);
-        } catch (LoaderError | RuntimeError | SyntaxError $e) {
+        } catch (LoaderError|RuntimeError|SyntaxError $e) {
             $description = $e->getMessage();
         }