diff --git a/administrator/components/com_banners/forms/banner.xml b/administrator/components/com_banners/forms/banner.xml
index a00dadac9c07f..77548ddcbc3d9 100644
--- a/administrator/components/com_banners/forms/banner.xml
+++ b/administrator/components/com_banners/forms/banner.xml
@@ -301,6 +301,9 @@
diff --git a/administrator/components/com_config/forms/application.xml b/administrator/components/com_config/forms/application.xml
index 3d75ef3e2f32f..efd72b315ae0a 100644
--- a/administrator/components/com_config/forms/application.xml
+++ b/administrator/components/com_config/forms/application.xml
@@ -1022,6 +1022,9 @@
diff --git a/administrator/components/com_contact/config.xml b/administrator/components/com_contact/config.xml
index ced0f5f8af9b6..58171c31bfe59 100644
--- a/administrator/components/com_contact/config.xml
+++ b/administrator/components/com_contact/config.xml
@@ -253,6 +253,9 @@
diff --git a/administrator/components/com_content/forms/article.xml b/administrator/components/com_content/forms/article.xml
index 1b8e80af72740..3552fd15608ec 100644
--- a/administrator/components/com_content/forms/article.xml
+++ b/administrator/components/com_content/forms/article.xml
@@ -723,6 +723,9 @@
name="image_intro"
type="media"
label="COM_CONTENT_FIELD_INTRO_LABEL"
+ schemes="http,https,ftp,ftps,data,file"
+ validate="url"
+ relative="true"
/>
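Review bot: The scheme allow-list added to `image_intro` includes `data` and `file` next to the web schemes, and nothing in the hunk says why an intro image field needs either. If they are kept so that already stored values still validate, an XML comment above the field should say so, for example `<!-- data/file retained for existing media values; validate="url" also runs the URL rule's injection check -->`. If they are not needed, `schemes="http,https"` together with `relative="true"` is the least-privilege choice. The other form files in this commit show hunk headers of the same shape but their bodies are not visible here, so I cannot confirm they carry the same list.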
diff --git a/administrator/components/com_languages/tmpl/installed/default.php b/administrator/components/com_languages/tmpl/installed/default.php
index ec095ad9251b7..b3f48444864bb 100644
--- a/administrator/components/com_languages/tmpl/installed/default.php
+++ b/administrator/components/com_languages/tmpl/installed/default.php
@@ -119,7 +119,7 @@
escape($row->author); ?>
- escape($row->authorEmail)); ?>
+ escape(PunycodeHelper::emailToUTF8($row->authorEmail)); ?>
|
escape($row->extension_id); ?>
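Review bot: Nothing on the changed line records why `escape()` has to wrap `PunycodeHelper::emailToUTF8()` rather than the reverse. The same hand-written ordering recurs in the com_privacy and com_users list templates and, with `urlToUTF8()`, in the com_contact address and profile templates. The string that reaches the page is the decoded UTF-8 form, so escaping has to be the last step. A short comment such as `// Escape after Punycode decoding: the decoded string is what gets output`, or a small view helper that performs both steps, would keep a later edit from swapping them back. The surrounding markup was lost in this rendering, so I cannot tell which HTML context the value lands in.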
diff --git a/administrator/components/com_menus/forms/item_alias.xml b/administrator/components/com_menus/forms/item_alias.xml
index cdb89b2be200c..6ef0572ada7d8 100644
--- a/administrator/components/com_menus/forms/item_alias.xml
+++ b/administrator/components/com_menus/forms/item_alias.xml
@@ -58,6 +58,9 @@
diff --git a/administrator/components/com_menus/forms/item_component.xml b/administrator/components/com_menus/forms/item_component.xml
index 82bc08fef8af6..ca2cf0728aab1 100644
--- a/administrator/components/com_menus/forms/item_component.xml
+++ b/administrator/components/com_menus/forms/item_component.xml
@@ -27,6 +27,9 @@
diff --git a/administrator/components/com_menus/forms/item_heading.xml b/administrator/components/com_menus/forms/item_heading.xml
index b4ce4ce2bf967..38b5b1ef87902 100644
--- a/administrator/components/com_menus/forms/item_heading.xml
+++ b/administrator/components/com_menus/forms/item_heading.xml
@@ -28,6 +28,9 @@
diff --git a/administrator/components/com_menus/forms/item_separator.xml b/administrator/components/com_menus/forms/item_separator.xml
index 20f0544445275..63371c6845258 100644
--- a/administrator/components/com_menus/forms/item_separator.xml
+++ b/administrator/components/com_menus/forms/item_separator.xml
@@ -23,6 +23,9 @@
diff --git a/administrator/components/com_menus/forms/item_url.xml b/administrator/components/com_menus/forms/item_url.xml
index 21850df4abb4f..7b58b121adfae 100644
--- a/administrator/components/com_menus/forms/item_url.xml
+++ b/administrator/components/com_menus/forms/item_url.xml
@@ -54,6 +54,9 @@
diff --git a/administrator/components/com_menus/forms/itemadmin_alias.xml b/administrator/components/com_menus/forms/itemadmin_alias.xml
index 2e4077f90205f..714233ecc6966 100644
--- a/administrator/components/com_menus/forms/itemadmin_alias.xml
+++ b/administrator/components/com_menus/forms/itemadmin_alias.xml
@@ -38,6 +38,9 @@
diff --git a/administrator/components/com_menus/forms/itemadmin_component.xml b/administrator/components/com_menus/forms/itemadmin_component.xml
index 8724d6401119f..c5196cfc77c3a 100644
--- a/administrator/components/com_menus/forms/itemadmin_component.xml
+++ b/administrator/components/com_menus/forms/itemadmin_component.xml
@@ -22,6 +22,9 @@
diff --git a/administrator/components/com_menus/forms/itemadmin_container.xml b/administrator/components/com_menus/forms/itemadmin_container.xml
index d6c07c0cdd9ee..bbf75ff074e08 100644
--- a/administrator/components/com_menus/forms/itemadmin_container.xml
+++ b/administrator/components/com_menus/forms/itemadmin_container.xml
@@ -35,6 +35,9 @@
diff --git a/administrator/components/com_menus/forms/itemadmin_heading.xml b/administrator/components/com_menus/forms/itemadmin_heading.xml
index 8aba60deaae8b..25181bcbb17de 100644
--- a/administrator/components/com_menus/forms/itemadmin_heading.xml
+++ b/administrator/components/com_menus/forms/itemadmin_heading.xml
@@ -35,6 +35,9 @@
diff --git a/administrator/components/com_menus/forms/itemadmin_url.xml b/administrator/components/com_menus/forms/itemadmin_url.xml
index 3f2b932dc55d8..355cee6896b47 100644
--- a/administrator/components/com_menus/forms/itemadmin_url.xml
+++ b/administrator/components/com_menus/forms/itemadmin_url.xml
@@ -52,6 +52,9 @@
diff --git a/administrator/components/com_newsfeeds/forms/newsfeed.xml b/administrator/components/com_newsfeeds/forms/newsfeed.xml
index 53f4a1fa37a23..cb0b9bdced79f 100644
--- a/administrator/components/com_newsfeeds/forms/newsfeed.xml
+++ b/administrator/components/com_newsfeeds/forms/newsfeed.xml
@@ -242,6 +242,9 @@
@@ -285,6 +288,9 @@
diff --git a/administrator/components/com_privacy/tmpl/requests/default.php b/administrator/components/com_privacy/tmpl/requests/default.php
index 5c0252b2f3531..58b9fd357d035 100644
--- a/administrator/components/com_privacy/tmpl/requests/default.php
+++ b/administrator/components/com_privacy/tmpl/requests/default.php
@@ -98,7 +98,7 @@
- escape($item->email)); ?>
+ escape(PunycodeHelper::emailToUTF8($item->email)); ?>
|
diff --git a/administrator/components/com_tags/config.xml b/administrator/components/com_tags/config.xml
index 46d675c58f24b..516a73a1a2479 100644
--- a/administrator/components/com_tags/config.xml
+++ b/administrator/components/com_tags/config.xml
@@ -73,6 +73,9 @@
diff --git a/administrator/components/com_tags/forms/tag.xml b/administrator/components/com_tags/forms/tag.xml
index cc27fb6f10586..08d282934c5fa 100644
--- a/administrator/components/com_tags/forms/tag.xml
+++ b/administrator/components/com_tags/forms/tag.xml
@@ -248,6 +248,9 @@
@@ -280,6 +283,9 @@
diff --git a/administrator/components/com_users/src/Controller/MethodController.php b/administrator/components/com_users/src/Controller/MethodController.php
index 66f921a8180fb..684a8b5483385 100644
--- a/administrator/components/com_users/src/Controller/MethodController.php
+++ b/administrator/components/com_users/src/Controller/MethodController.php
@@ -21,6 +21,7 @@
use Joomla\CMS\User\User;
use Joomla\CMS\User\UserFactoryAwareInterface;
use Joomla\CMS\User\UserFactoryAwareTrait;
+use Joomla\CMS\User\UserHelper;
use Joomla\Component\Users\Administrator\Helper\Mfa as MfaHelper;
use Joomla\Component\Users\Administrator\Model\BackupcodesModel;
use Joomla\Component\Users\Administrator\Model\MethodModel;
@@ -387,6 +388,9 @@ public function save($cachable = false, $urlparams = []): void
return;
}
+ // Method updated, destroy other active sessions
+ UserHelper::destroyUserSessions($userId, true);
+
$this->setRedirect($url);
}
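Review bot: The result of `UserHelper::destroyUserSessions($userId, true)` is discarded, so if the cleanup fails the request still redirects as though the user's other sessions were gone. Assuming the helper reports failure through its return value, check it and log or enqueue a warning, for example `if (!UserHelper::destroyUserSessions($userId, true)) { /* log: other sessions not invalidated */ }`. The bare `true` is also opaque; if it is the keep-current flag, the comment could read `// MFA method updated: end the user's other sessions, keep the current one`. `$userId` is assigned earlier in `save()`, outside this hunk, and the controller's other actions that change MFA state are not visible here, so it is worth confirming they invalidate sessions as well.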
diff --git a/administrator/components/com_users/tmpl/users/default.php b/administrator/components/com_users/tmpl/users/default.php
index 9add46e73f7cd..8c616f012b7a7 100644
--- a/administrator/components/com_users/tmpl/users/default.php
+++ b/administrator/components/com_users/tmpl/users/default.php
@@ -186,7 +186,7 @@
|
- escape($item->email)); ?>
+ escape(PunycodeHelper::emailToUTF8($item->email)); ?>
|
lastvisitDate !== null) : ?>
diff --git a/administrator/language/en-GB/lib_joomla.ini b/administrator/language/en-GB/lib_joomla.ini
index 49fc03701d6b9..15e4046b96ad4 100644
--- a/administrator/language/en-GB/lib_joomla.ini
+++ b/administrator/language/en-GB/lib_joomla.ini
@@ -345,6 +345,7 @@ JLIB_FORM_VALIDATE_FIELD_INVALID="Invalid field: %s"
JLIB_FORM_VALIDATE_FIELD_REQUIRED="Field required: %s"
JLIB_FORM_VALIDATE_FIELD_RULE_MISSING="Validation Rule missing: %s"
JLIB_FORM_VALIDATE_FIELD_URL_SCHEMA_MISSING="Invalid URL: URL schema is missing in %1$s. Please add one of the following at the beginning: %2$s."
+JLIB_FORM_VALIDATE_FIELD_URL_INJECTION_DETECTED="Invalid URL: A code injection has been detected in %1$s."
JLIB_FORM_VALUE_CACHE_APCU="APC User Cache"
JLIB_FORM_VALUE_CACHE_FILE="File"
JLIB_FORM_VALUE_CACHE_MEMCACHED="Memcached (Experimental)"
diff --git a/administrator/manifests/files/joomla.xml b/administrator/manifests/files/joomla.xml
index 9cb44fef54e5b..1974873e41ccd 100644
--- a/administrator/manifests/files/joomla.xml
+++ b/administrator/manifests/files/joomla.xml
@@ -6,7 +6,7 @@
www.joomla.org
(C) 2019 Open Source Matters, Inc.
GNU General Public License version 2 or later; see LICENSE.txt
- 5.0.3-rc2-dev
+ 5.0.3
2024-02
FILES_JOOMLA_XML_DESCRIPTION
diff --git a/administrator/templates/atum/templateDetails.xml b/administrator/templates/atum/templateDetails.xml
index 32ded9d2ed915..41cd585b6e1f3 100644
--- a/administrator/templates/atum/templateDetails.xml
+++ b/administrator/templates/atum/templateDetails.xml
@@ -118,6 +118,9 @@
diff --git a/components/com_contact/tmpl/contact/default_address.php b/components/com_contact/tmpl/contact/default_address.php
index 5c858ff9d4730..f90fee3ecfb28 100644
--- a/components/com_contact/tmpl/contact/default_address.php
+++ b/components/com_contact/tmpl/contact/default_address.php
@@ -152,7 +152,7 @@
- item->webpage); ?>
+ escape(PunycodeHelper::urlToUTF8($this->item->webpage)); ?>
diff --git a/components/com_contact/tmpl/contact/default_profile.php b/components/com_contact/tmpl/contact/default_profile.php
index b4e0134a04f38..098006cda4563 100644
--- a/components/com_contact/tmpl/contact/default_profile.php
+++ b/components/com_contact/tmpl/contact/default_profile.php
@@ -30,9 +30,9 @@
$v_http = substr($profile->value, 0, 4);
if ($v_http === 'http') :
- echo '' . PunycodeHelper::urlToUTF8($profile->text) . '';
+ echo '' . $this->escape(PunycodeHelper::urlToUTF8($profile->text)) . '';
else :
- echo '' . PunycodeHelper::urlToUTF8($profile->text) . '';
+ echo '' . $this->escape(PunycodeHelper::urlToUTF8($profile->text)) . '';
endif;
break;
diff --git a/components/com_content/forms/article.xml b/components/com_content/forms/article.xml
index c57fdd213e3b1..252ddf25ed5a8 100644
--- a/components/com_content/forms/article.xml
+++ b/components/com_content/forms/article.xml
@@ -217,6 +217,9 @@
@@ -254,6 +257,9 @@
diff --git a/components/com_newsfeeds/tmpl/category/default_items.php b/components/com_newsfeeds/tmpl/category/default_items.php
index db4cb4b60c21a..91c3627eaf752 100644
--- a/components/com_newsfeeds/tmpl/category/default_items.php
+++ b/components/com_newsfeeds/tmpl/category/default_items.php
@@ -71,7 +71,7 @@
link); ?>
-
+ escape($link); ?>
diff --git a/components/com_tags/tmpl/tag/default.xml b/components/com_tags/tmpl/tag/default.xml
index 78ded32a244c2..3e542ba6f4547 100644
--- a/components/com_tags/tmpl/tag/default.xml
+++ b/components/com_tags/tmpl/tag/default.xml
@@ -88,6 +88,9 @@
diff --git a/components/com_tags/tmpl/tag/list.xml b/components/com_tags/tmpl/tag/list.xml
index 3c1a5af8f4a7a..b691efa4c9ec2 100644
--- a/components/com_tags/tmpl/tag/list.xml
+++ b/components/com_tags/tmpl/tag/list.xml
@@ -87,6 +87,9 @@
diff --git a/components/com_tags/tmpl/tags/default.xml b/components/com_tags/tmpl/tags/default.xml
index d23fb69a3c54d..8de92b785587d 100644
--- a/components/com_tags/tmpl/tags/default.xml
+++ b/components/com_tags/tmpl/tags/default.xml
@@ -71,6 +71,9 @@
diff --git a/components/com_users/tmpl/login/default.xml b/components/com_users/tmpl/login/default.xml
index ff0697f747984..0abcef5ed20c3 100644
--- a/components/com_users/tmpl/login/default.xml
+++ b/components/com_users/tmpl/login/default.xml
@@ -78,6 +78,9 @@
@@ -158,6 +161,9 @@
diff --git a/composer.json b/composer.json
index b6c329e5cbe59..8baf1d1569bd1 100644
--- a/composer.json
+++ b/composer.json
@@ -30,6 +30,10 @@
"type": "vcs",
"url": "https://github.com/joomla-backports/json-api-php.git",
"no-api": true
+ },
+ {
+ "type": "vcs",
+ "url": "https://github.com/joomla-framework/security-filter.git"
}
],
"autoload": {
@@ -53,7 +57,7 @@
"joomla/database": "~3.0",
"joomla/di": "~3.0",
"joomla/event": "~3.0",
- "joomla/filter": "~3.0",
+ "joomla/filter": "dev-3.x-mbstring-issue566 as 3.0.1",
"joomla/filesystem": "~3.0",
"joomla/http": "~3.0",
"joomla/input": "~3.0",
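Review bot: The `joomla/filter` constraint now follows a branch, `dev-3.x-mbstring-issue566 as 3.0.1`, taken from the `security-filter` VCS repository added in the previous hunk, and a branch name is a moving reference. The lock file pins commit `4ea6d7f1515d6c1dfe83bb58b0ae5b5026689311`, but any later `composer update` would follow the branch head. The locked `source` URL also uses the `git@github.com:` SSH form, which needs credentials for a source install. Once the fix is available from the public package, this should return to a tagged release constraint and the extra repository entry should be removed; recording that follow-up in the commit message would keep it from being forgotten.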
diff --git a/composer.lock b/composer.lock
index 279f635fb342c..0887d14d06229 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
- "content-hash": "a11e9fcd1917529c4c799d5c8760ec09",
+ "content-hash": "dc462f3aae0d3d98263188c78081d2f0",
"packages": [
{
"name": "algo26-matthias/idna-convert",
@@ -1581,16 +1581,16 @@
},
{
"name": "joomla/filter",
- "version": "3.0.0",
+ "version": "dev-3.x-mbstring-issue566",
"source": {
"type": "git",
- "url": "https://github.com/joomla-framework/filter.git",
- "reference": "b589b6a6c40ace650e2f55ed404994bd99ac3d4a"
+ "url": "git@github.com:joomla-framework/security-filter.git",
+ "reference": "4ea6d7f1515d6c1dfe83bb58b0ae5b5026689311"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/joomla-framework/filter/zipball/b589b6a6c40ace650e2f55ed404994bd99ac3d4a",
- "reference": "b589b6a6c40ace650e2f55ed404994bd99ac3d4a",
+ "url": "https://api.github.com/repos/joomla-framework/security-filter/zipball/4ea6d7f1515d6c1dfe83bb58b0ae5b5026689311",
+ "reference": "4ea6d7f1515d6c1dfe83bb58b0ae5b5026689311",
"shasum": ""
},
"require": {
@@ -1619,7 +1619,11 @@
"Joomla\\Filter\\": "src/"
}
},
- "notification-url": "https://packagist.org/downloads/",
+ "autoload-dev": {
+ "psr-4": {
+ "Joomla\\Filter\\Tests\\": "Tests/"
+ }
+ },
"license": [
"GPL-2.0-or-later"
],
@@ -1631,20 +1635,20 @@
"joomla"
],
"support": {
- "issues": "https://github.com/joomla-framework/filter/issues",
- "source": "https://github.com/joomla-framework/filter/tree/3.0.0"
+ "source": "https://github.com/joomla-framework/security-filter/tree/3.x-mbstring-issue566",
+ "issues": "https://github.com/joomla-framework/security-filter/issues"
},
"funding": [
{
- "url": "https://community.joomla.org/sponsorship-campaigns.html",
- "type": "custom"
+ "type": "github",
+ "url": "https://github.com/joomla"
},
{
- "url": "https://github.com/joomla",
- "type": "github"
+ "type": "custom",
+ "url": "https://community.joomla.org/sponsorship-campaigns.html"
}
],
- "time": "2023-10-06T19:31:30+00:00"
+ "time": "2024-02-10T14:05:40+00:00"
},
{
"name": "joomla/http",
@@ -9978,9 +9982,17 @@
"time": "2022-08-31T12:59:22+00:00"
}
],
- "aliases": [],
+ "aliases": [
+ {
+ "package": "joomla/filter",
+ "version": "dev-3.x-mbstring-issue566",
+ "alias": "3.0.1",
+ "alias_normalized": "3.0.1.0"
+ }
+ ],
"minimum-stability": "stable",
"stability-flags": {
+ "joomla/filter": 20,
"tobscure/json-api": 20
},
"prefer-stable": false,
diff --git a/includes/framework.php b/includes/framework.php
index ca0f22d3e407d..35de688cce0f0 100644
--- a/includes/framework.php
+++ b/includes/framework.php
@@ -9,6 +9,7 @@
\defined('_JEXEC') or die;
+use Joomla\CMS\Uri\Uri;
use Joomla\CMS\Version;
use Joomla\Utilities\IpHelper;
@@ -28,7 +29,7 @@
}
if (JPATH_ROOT === JPATH_PUBLIC) {
- header('Location: ' . substr($_SERVER['REQUEST_URI'], 0, strpos($_SERVER['REQUEST_URI'], 'index.php')) . 'installation/index.php');
+ header('Location: ' . Uri::base() . 'installation/index.php');
exit;
}
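Review bot: The redirect target is now built from `Uri::base()`, which as far as I can tell derives scheme and host from the incoming request when no site URL is configured, and this branch appears to run before installation, when none can be. That replaces the `REQUEST_URI` slicing with reliance on the `Host` header, so the `Location` value is only as trustworthy as the web server's host-name handling. A comment stating the assumption would document it, for example `// Uri::base() reflects the request host here; no configured site URL exists before installation`. The enclosing condition starts above the hunk, so I cannot see what else guards this branch.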
diff --git a/language/en-GB/lib_joomla.ini b/language/en-GB/lib_joomla.ini
index e31571e9b846d..e66018acf241e 100644
--- a/language/en-GB/lib_joomla.ini
+++ b/language/en-GB/lib_joomla.ini
@@ -344,6 +344,7 @@ JLIB_FORM_VALIDATE_FIELD_INVALID="Invalid field: %s"
JLIB_FORM_VALIDATE_FIELD_REQUIRED="Field required: %s"
JLIB_FORM_VALIDATE_FIELD_RULE_MISSING="Validation Rule missing: %s"
JLIB_FORM_VALIDATE_FIELD_URL_SCHEMA_MISSING="Invalid URL: URL schema is missing in %1$s. Please add one of the following at the beginning: %2$s."
+JLIB_FORM_VALIDATE_FIELD_URL_INJECTION_DETECTED="Invalid URL: A code injection has been detected in %1$s."
JLIB_FORM_VALUE_CACHE_APCU="APC User Cache"
JLIB_FORM_VALUE_CACHE_FILE="File"
JLIB_FORM_VALUE_CACHE_MEMCACHED="Memcached (Experimental)"
diff --git a/libraries/src/Form/Rule/UrlRule.php b/libraries/src/Form/Rule/UrlRule.php
index a02b348b46154..e6a38457a3f01 100644
--- a/libraries/src/Form/Rule/UrlRule.php
+++ b/libraries/src/Form/Rule/UrlRule.php
@@ -9,6 +9,7 @@
namespace Joomla\CMS\Form\Rule;
+use Joomla\CMS\Filter\InputFilter;
use Joomla\CMS\Form\Form;
use Joomla\CMS\Form\FormRule;
use Joomla\CMS\Language\Text;
@@ -53,6 +54,12 @@ public function test(\SimpleXMLElement $element, $value, $group = null, Registry
return true;
}
+ // Check the value for XSS payloads
+ if ((string) $element['disableXssCheck'] !== 'true' && InputFilter::checkAttribute(['href', $value])) {
+ $element->addAttribute('message', Text::sprintf('JLIB_FORM_VALIDATE_FIELD_URL_INJECTION_DETECTED', $element['name']));
+ return false;
+ }
+
$urlParts = UriHelper::parse_url($value);
// See https://www.w3.org/Addressing/URL/url-spec.txt
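Review bot: `$element->addAttribute('message', …)` emits a PHP warning and leaves the existing value in place when the field definition already carries a `message` attribute, so such a field would report its own text plus a warning instead of the injection message. Assigning instead sets or overwrites it: `$element['message'] = Text::sprintf('JLIB_FORM_VALIDATE_FIELD_URL_INJECTION_DETECTED', $element['name']);`. Separately, `disableXssCheck` is a new opt-out that any form XML can set. It should be described in the docblock of `test()`, which lies outside this hunk, including that only the exact string `true` turns the check off.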
diff --git a/libraries/src/Version.php b/libraries/src/Version.php
index 9153e56e56d01..c45ce3c48e60f 100644
--- a/libraries/src/Version.php
+++ b/libraries/src/Version.php
@@ -66,7 +66,7 @@ final class Version
* @var string
* @since 3.8.0
*/
- public const EXTRA_VERSION = 'rc2-dev';
+ public const EXTRA_VERSION = '';
/**
* Development status.
@@ -74,7 +74,7 @@ final class Version
* @var string
* @since 3.5
*/
- public const DEV_STATUS = 'Development';
+ public const DEV_STATUS = 'Stable';
/**
* Code name.
@@ -90,7 +90,7 @@ final class Version
* @var string
* @since 3.5
*/
- public const RELDATE = '11-February-2024';
+ public const RELDATE = '20-February-2024';
/**
* Release time.
@@ -98,7 +98,7 @@ final class Version
* @var string
* @since 3.5
*/
- public const RELTIME = '15:30';
+ public const RELTIME = '16:00';
/**
* Release timezone.
diff --git a/modules/mod_custom/mod_custom.xml b/modules/mod_custom/mod_custom.xml
index 8dc3ad2d2d10c..036619b1849ed 100644
--- a/modules/mod_custom/mod_custom.xml
+++ b/modules/mod_custom/mod_custom.xml
@@ -40,6 +40,9 @@
diff --git a/plugins/schemaorg/blogposting/forms/schemaorg.xml b/plugins/schemaorg/blogposting/forms/schemaorg.xml
index 6a395d643dd4d..95614c3c29ac8 100755
--- a/plugins/schemaorg/blogposting/forms/schemaorg.xml
+++ b/plugins/schemaorg/blogposting/forms/schemaorg.xml
@@ -28,6 +28,9 @@
@@ -95,6 +98,9 @@
diff --git a/plugins/schemaorg/event/forms/schemaorg.xml b/plugins/schemaorg/event/forms/schemaorg.xml
index dc5d148f542e5..b53de147e6aed 100755
--- a/plugins/schemaorg/event/forms/schemaorg.xml
+++ b/plugins/schemaorg/event/forms/schemaorg.xml
@@ -28,6 +28,9 @@
@@ -189,6 +192,9 @@
diff --git a/plugins/schemaorg/jobposting/forms/schemaorg.xml b/plugins/schemaorg/jobposting/forms/schemaorg.xml
index 5f4e642885cf6..6331a55a7faf7 100755
--- a/plugins/schemaorg/jobposting/forms/schemaorg.xml
+++ b/plugins/schemaorg/jobposting/forms/schemaorg.xml
@@ -221,6 +221,9 @@
diff --git a/plugins/schemaorg/organization/forms/schemaorg.xml b/plugins/schemaorg/organization/forms/schemaorg.xml
index c758dae44e3f1..79df183f1b25c 100755
--- a/plugins/schemaorg/organization/forms/schemaorg.xml
+++ b/plugins/schemaorg/organization/forms/schemaorg.xml
@@ -35,6 +35,9 @@
diff --git a/plugins/schemaorg/recipe/forms/schemaorg.xml b/plugins/schemaorg/recipe/forms/schemaorg.xml
index 0eac259367580..3cfe3f504ab72 100755
--- a/plugins/schemaorg/recipe/forms/schemaorg.xml
+++ b/plugins/schemaorg/recipe/forms/schemaorg.xml
@@ -28,6 +28,9 @@
diff --git a/plugins/system/schemaorg/schemaorg.xml b/plugins/system/schemaorg/schemaorg.xml
index 025eb03305be2..326ef254756b9 100755
--- a/plugins/system/schemaorg/schemaorg.xml
+++ b/plugins/system/schemaorg/schemaorg.xml
@@ -52,6 +52,9 @@
-
\ No newline at end of file
+
diff --git a/plugins/user/profile/src/Extension/Profile.php b/plugins/user/profile/src/Extension/Profile.php
index 7a42081ad121d..fd6fd0d4b8225 100644
--- a/plugins/user/profile/src/Extension/Profile.php
+++ b/plugins/user/profile/src/Extension/Profile.php
@@ -133,7 +133,7 @@ public static function url($value)
}
// Convert website URL to utf8 for display
- $value = PunycodeHelper::urlToUTF8(htmlspecialchars($value));
+ $value = htmlspecialchars(PunycodeHelper::urlToUTF8($value), ENT_QUOTES, 'UTF-8');
if (strpos($value, 'http') === 0) {
return '' . $value . '';
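Review bot: `htmlspecialchars(…, ENT_QUOTES, 'UTF-8')` returns an empty string when its input is not valid UTF-8, so a malformed stored value would render as an empty link here. Adding `ENT_SUBSTITUTE` keeps the output visible with replacement characters: `$value = htmlspecialchars(PunycodeHelper::urlToUTF8($value), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The `strpos($value, 'http') === 0` test on the following line runs on the already escaped string, which is harmless for that prefix but deserves a one-line comment. The rest of `url()` lies outside the hunk.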
diff --git a/templates/cassiopeia/templateDetails.xml b/templates/cassiopeia/templateDetails.xml
index b69ab1ba2035b..4e6f696e95175 100644
--- a/templates/cassiopeia/templateDetails.xml
+++ b/templates/cassiopeia/templateDetails.xml
@@ -66,6 +66,9 @@
|