Fix missing escaping (possible XSS) of category names in the Backend
Entry Admin, which would allow editors that create a forged
category name to attack other editors in the backend (privileged
access to the backend required).
Thanks a lot to Edric Teo for reporting this issue.
garvinhicking committed Mar 12, 2015
1 parent eb7d9c8 commit a30886d
Showing 2 changed files with 7 additions and 1 deletion.
6 changes: 6 additions & 0 deletions docs/NEWS
@@ -3,6 +3,12 @@
Version 2.0.1 ()
------------------------------------------------------------------------

* Fix missing escaping (possible XSS) of category names in the Backend
Entry Admin, which would allow editors that create a forged
category name to attack other editors in the backend (privileged
access to the backend required).
Thanks a lot to Edric Teo for reporting this issue.

* Improved detection for possible upgrade/plugin/PHP errors. A
warning will be emitted on the dashboard, when the Serendipity
JavaScript-library could not be loaded.
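Review bot: the NEWS entry for the XSS fix does not say where the escaping was added; since this commit changes only templates/2k11/admin/entries.tpl, naming that file here (or stating that other admin templates are unaffected) would tell anyone maintaining a customised admin template whether they need to apply the same `|escape` themselves. A minor point on the same hunk: the "Version 2.0.1 ()" heading still carries an empty release-date placeholder, which should be filled in before the release is tagged.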
2 changes: 1 addition & 1 deletion templates/2k11/admin/entries.tpl
@@ -141,7 +141,7 @@
<span class="cat_view_pad">{$entry_cat.depth_pad}</span>
<input id="serendipity_category_{$entry_cat.categoryid}" name="serendipity[categories][]" type="checkbox" value="{$entry_cat.categoryid}"{if $entry_cat.is_selected} checked="checked"{/if}>

<label for="serendipity_category_{$entry_cat.categoryid}">{$entry_cat.category_name}</label>
<label for="serendipity_category_{$entry_cat.categoryid}">{$entry_cat.category_name|escape}</label>
</div>
{/foreach}
</fieldset>
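Review bot: adding `|escape` to `{$entry_cat.category_name|escape}` on the `<label>` line is the right fix for text content, but it is the only output of `category_name` this patch touches, and only in templates/2k11/admin/entries.tpl; if the same variable is rendered anywhere else in the backend (other admin templates, or other places this template prints a category name), those sites need the same modifier or the forged-name attack described in the commit message still works there. On the same lines, the `id`, `for` and `value` attributes interpolate `{$entry_cat.categoryid}` unescaped; that is safe only if categoryid is guaranteed to be an integer from the database, so it is worth either confirming that or applying `|escape` there too for consistency.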
