
Fix possible RSS XSS (#14457)
Escape titles when shown.  Body was already cleaned.
murrant committed Oct 14, 2022
1 parent bc48c84 commit 8e85698
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions includes/html/pages/notifications.inc.php
Expand Up @@ -84,7 +84,7 @@

$class = $notif['severity'] == 2 ? 'text-danger' : 'text-warning';
echo "<h4 class='$class' id='${notif['notifications_id']}'>";
echo "<strong><i class='fa fa-bell-o'></i>&nbsp;${notif['title']}</strong>";
echo "<strong><i class='fa fa-bell-o'></i>&nbsp;" . htmlentities($notif['title']) . '</strong>';
echo "<span class='pull-right'>";

if ($notif['user_id'] != Auth::id()) {
Expand Down Expand Up @@ -125,7 +125,7 @@
} elseif ($notif['severity'] == 2) {
$class = 'text-danger';
}
echo "<h4 class='$class' id='${notif['notifications_id']}'>${notif['title']}<span class='pull-right'>";
echo "<h4 class='$class' id='${notif['notifications_id']}'>" . htmlentities($notif['title']) . "<span class='pull-right'>";

if (Auth::user()->hasGlobalAdmin()) {
echo '<button class="btn btn-primary fa fa-bell-o stick-notif" data-toggle="tooltip" data-placement="bottom" title="Mark as Sticky" style="margin-top:-10px;"></button>';
Expand Down Expand Up @@ -168,7 +168,7 @@
} elseif ($notif['severity'] == 2) {
echo ' class="text-danger"';
}
echo " id='${notif['notifications_id']}'>${notif['title']}";
echo " id='${notif['notifications_id']}'>" . htmlentities($notif['title']);

if (Auth::user()->isAdmin()) {
echo '<span class="pull-right"><button class="btn btn-primary fa fa-bell-o stick-notif" data-toggle="tooltip" data-placement="bottom" title="Mark as Sticky" style="margin-top:-10px;"></button></span>';
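Review bot: htmlentities() is called with its default flags on all three new lines (the `<strong>` title, the `<h4>` title and the bare id/title echo), so what gets escaped depends on the PHP version: before 8.1 the default is ENT_COMPAT, and without ENT_SUBSTITUTE a title containing invalid UTF-8 is rendered as an empty string instead of being displayed with a replacement character. Pinning the flags removes that variance, e.g. `htmlentities($notif['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (or htmlspecialchars with the same arguments, which is sufficient for element content). At these three call sites the title lands in element content, so the quote flag is not what makes them safe today, but explicit flags keep the call correct if a title is later placed inside an attribute. The `${notif['notifications_id']}` interpolation kept on the same lines is the deprecated form as of PHP 8.2; `{$notif['notifications_id']}` is the replacement, and it is presumably an integer id rather than user text, which is worth confirming since that attribute is not escaped. The enclosing loops and branches start and end outside these hunks.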
