From 1fd119d37fef976e5dc26ec9514d68ccbc18122f Mon Sep 17 00:00:00 2001
From: Thomas Konrad
Date: Fri, 15 Feb 2013 17:58:05 +0100
Subject: [PATCH] Fixed an XSS vulnerability in the Twig Extension
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The 'render_relation_element' filter (in contrast to the other two filters) does not use a template for rendering, but simply returns the '__toString()' value of the given object (that's the default behavior). However, the method was marked as HTML-safe. This leads to the fact that any string returned by '__toString()' (which often comes from direct user input) is output without any escaping. This makes the filter vulnerable to a Stored Cross-Site Scripting attack. The vulnerability has been fixed in this commit.

---
 Twig/Extension/SonataAdminExtension.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Twig/Extension/SonataAdminExtension.php b/Twig/Extension/SonataAdminExtension.php
index d6b8eefab5..41f84054b8 100644
--- a/Twig/Extension/SonataAdminExtension.php
+++ b/Twig/Extension/SonataAdminExtension.php
@@ -40,7 +40,7 @@ public function getFilters()
 return array(
 'render_list_element' => new \Twig_Filter_Method($this, 'renderListElement', array('is_safe' => array('html'))),
 'render_view_element' => new \Twig_Filter_Method($this, 'renderViewElement', array('is_safe' => array('html'))),
- 'render_relation_element' => new \Twig_Filter_Method($this, 'renderRelationElement', array('is_safe' => array('html'))),
+ 'render_relation_element' => new \Twig_Filter_Method($this, 'renderRelationElement'),
 );
 }
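Review bot: Removing `is_safe` from the `render_relation_element` registration only closes the hole where Twig's autoescaper is actually active for the rendering environment and the template does not append `|raw`; neither precondition is visible in this hunk, and nothing at the registration site records why this filter alone lacks the flag, so a later "make the three lines symmetric" cleanup could silently reintroduce the XSS. Suggest a comment on the new line, e.g. `// Intentionally NOT is_safe: renderRelationElement returns the object's raw __toString() (frequently user-supplied), so Twig must escape it.`. Twig's autoescape also defaults to the HTML strategy, so a template that places this value inside an attribute or a script block still needs an explicit `|e('html_attr')` or `|e('js')`; a short note in the commit message or filter docblock to that effect would help callers. The enclosing getFilters() starts before the hunk; only its return and closing brace are shown here.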