
Commit a30886d

Fix missing escaping (possible XSS) of category names in the Backend
Entry Admin, which would allow editors that create a forged category name to attack other editors in the backend (privileged access to the backend required). Thanks a lot to Edric Teo for reporting this issue.
1 parent eb7d9c8 commit a30886d

File tree: 2 files changed (+7 -1 lines changed)

Diff for: docs/NEWS

+6
@@ -3,6 +3,12 @@
33
Version 2.0.1 ()
44
------------------------------------------------------------------------
55

6+
* Fix missing escaping (possible XSS) of category names in the Backend
7+
Entry Admin, which would allow editors that create a forged
8+
category name to attack other editors in the backend (privileged
9+
access to the backend required).
10+
Thanks a lot to Edric Teo for reporting this issue.
11+
612
* Improved detection for possible upgrade/plugin/PHP errors. A
713
warning will be emitted on the dashboard, when the Serendipity
814
JavaScript-library could not be loaded.
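Review bot: the NEWS entry refers generically to the "Backend Entry Admin", but the only code change in this commit is to templates/2k11/admin/entries.tpl; consider naming the template in the entry, or stating in the commit that the other bundled admin templates were checked for the same unescaped `{$entry_cat.category_name}` output, so readers of the changelog can tell which theme the fix covers. The "Version 2.0.1 ()" heading in the surrounding context still has an empty release date, which is fine for an unreleased entry but should be filled in before tagging.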

Diff for: templates/2k11/admin/entries.tpl

+1-1
@@ -141,7 +141,7 @@
141141
<span class="cat_view_pad">{$entry_cat.depth_pad}</span>
142142
<input id="serendipity_category_{$entry_cat.categoryid}" name="serendipity[categories][]" type="checkbox" value="{$entry_cat.categoryid}"{if $entry_cat.is_selected} checked="checked"{/if}>
143143

144-
<label for="serendipity_category_{$entry_cat.categoryid}">{$entry_cat.category_name}</label>
144+
<label for="serendipity_category_{$entry_cat.categoryid}">{$entry_cat.category_name|escape}</label>
145145
</div>
146146
{/foreach}
147147
</fieldset>
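Review bot: `{$entry_cat.category_name|escape}` applies Smarty's escape modifier in its default html mode, which is the correct context for text inside the `<label>` element, so the fix itself looks right. In the same hunk, `{$entry_cat.categoryid}` is still interpolated unescaped into the id, for and value attributes on lines 142 and 144, and `{$entry_cat.depth_pad}` on line 141 is output raw; if those values are not guaranteed to be numeric or generated server-side, add `|escape` to them as well for consistency, since the same editor-controlled record feeds all three.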
