Fixed entity sanitization for XSS detection
w00fz committed Feb 23, 2022
1 parent b992d7f commit 3dd0cab
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -8,6 +8,7 @@
* Fixed `'mbstring' extension is not loaded` error, use Polyfill instead [#3504](https://github.com/getgrav/grav/pull/3504)
* Fixed new `Utils::pathinfo()` and `Utils::basename()` being too strict for legacy use [#3542](https://github.com/getgrav/grav/issues/3542)
* Fixed non-standard video html atributes generated by `{{ media.html() }}` [#3540](https://github.com/getgrav/grav/issues/3540)
* Fixed entity sanitization for XSS detection

# v1.7.30
## 02/07/2022
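
Review bot: The new `* Fixed entity sanitization for XSS detection` entry is the only one of the four fix lines shown here without an issue or PR link, and it does not say what was wrong. Consider stating the case that changed (decimal numeric entities without leading zeros are now terminated with `;` before decoding in `detectXss()`) and linking the report if one is public, so readers of the changelog can judge whether they need the update.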
2 changes: 1 addition & 1 deletion system/src/Grav/Common/Security.php
Expand Up @@ -200,7 +200,7 @@ public static function detectXss($string, array $options = null): ?string
}, $string);

// Clean up entities
$string = preg_replace('!(&#0+[0-9]+)!u', '$1;', $string);
$string = preg_replace('!(&#[0-9]+)!u', '$1;', $string);

// Decode entities
$string = html_entity_decode($string, ENT_NOQUOTES | ENT_HTML5, 'UTF-8');
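
Review bot: The `!(&#[0-9]+)!u` replacement appends `;` unconditionally, so an entity that already ends in one, such as `&#60;`, becomes `&#60;;` and a stray `;` is left behind after `html_entity_decode()`. Making the terminator part of the match, for example `!(&#[0-9]+);?!u` with the same `'$1;'` replacement, leaves well-formed entities unchanged. The commit touches only `CHANGELOG.md` and `Security.php`, so a regression test covering entities with and without the `;`, and with and without leading zeros, would lock the behaviour in.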

2 comments on commit 3dd0cab

@Shadw666

How can I remove these from my phone when I got denied admin access to my phone!? I need help.

@w00fz (Member, Author) commented on 3dd0cab Mar 1, 2022

If you mean you have forgotten your admin password, log into your server and reset the admin password.