Merge remote-tracking branch 'security/master.config-xss-2018-03-13'

mautic · Apr 17, 2018 · 3add236 · 3add236
2 parents 5f58b75 + 4663997
commit 3add236
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/app/bundles/CoreBundle/Views/Theme/list.html.php b/app/bundles/CoreBundle/Views/Theme/list.html.php
@@ -107,7 +107,7 @@
                                         <div class="modal-header">
                                             <button type="button" class="close" data-dismiss="modal" aria-label="Close">
                                                 <span aria-hidden="true">&times;</span></button>
-                                            <h4 class="modal-title" id="<?php echo $k; ?>"><?php echo $item['name']; ?></h4>
+                                            <h4 class="modal-title" id="<?php echo $k; ?>"><?php echo $view->escape($item['name']); ?></h4>
                                         </div>
                                         <div class="modal-body">
                                             <div style="background-image: url(<?php echo $thumbnailUrl ?>);background-repeat:no-repeat;background-size:contain; background-position:center; width: 100%; height: 600px"></div>
@@ -119,17 +119,17 @@
                     </td>
                     <td>
                         <div>
-                            <?php echo $item['name']; ?> (<?php echo $item['key']; ?>)
+                            <?php echo $view->escape($item['name']); ?> (<?php echo $view->escape($item['key']); ?>)
                         </div>
                     </td>
                     <td>
                         <div>
                             <?php if (isset($item['config']['authorUrl'])) : ?>
                                 <a href="<?php echo $item['config']['authorUrl']; ?>" target="_blank">
-                                    <?php echo $item['config']['author']; ?>
+                                    <?php echo $view->escape($item['config']['author']); ?>
                                 </a>
                             <?php elseif (isset($item['config']['author'])) : ?>
-                                <?php echo $item['config']['author']; ?>
+                                <?php echo $view->escape($item['config']['author']); ?>
                             <?php endif; ?>
                         </div>
                     </td>
@@ -138,7 +138,7 @@
                             <?php foreach ($item['config']['features'] as $feature) : ?>
                                 <span style="white-space: nowrap;">
                                     <span class="label label-default pa-4">
-                                        <?php echo $view['translator']->trans('mautic.core.theme.feature.'.$feature); ?>
+                                        <?php echo $view['translator']->trans('mautic.core.theme.feature.'.$view->escape($feature)); ?>
                                     </span>
                                 </span>
                             <?php endforeach; ?>