Security: Fix XSS issue in template object 'username' (#7406)

release-1.3
Aleksander Machniak 5 years ago committed by Thomas Bruederli
parent 655cfa50cc
commit 37e2bc7457

@ -3,8 +3,8 @@ CHANGELOG Roundcube Webmail
RELEASE 1.3.12
--------------
- Security: Fix couple of XSS issues in Installer (#7406)
- Security: Fix XSS issue in template object 'username' (#7406)
- Security: Fix couple of XSS issues in Installer (#7406)
RELEASE 1.3.11
--------------
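Review bot: The two Security entries under RELEASE 1.3.12 both cite (#7406), so the changelog does not let a reader tell which report covers the template object 'username' and which covers the Installer. If they were reported separately, give each entry its own reference; if they came from one report, a single combined entry would be clearer than two lines that differ only in the component named.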

@ -60,7 +60,16 @@ INSTALLATION
5. Point your browser to http://url-to-roundcube/installer/
6. Follow the instructions of the install script (or see MANUAL CONFIGURATION)
7. After creating and testing the configuration, remove the installer directory
8. Check Known Issues section of this file
------------------------------------------
IMPORTANT: REMOVE THE INSTALLER DIRECTORY!
------------------------------------------
8. If you use git sources compile css files for the Elastic skin (required
lessc >= 1.5.0):
$ cd skins/elastic
$ lessc -x styles/styles.less > styles/styles.css
$ lessc -x styles/print.less > styles/print.css
$ lessc -x styles/embed.less > styles/embed.css
9. Check Known Issues section of this file
CONFIGURATION HINTS
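Review bot: The INSTALLATION changes in this hunk (the Elastic skin lessc step and the renumbering of "Check Known Issues section of this file" to step 9) are unrelated to the XSS fix named in the commit subject, which makes the security change harder to audit and to backport on its own. Move them to a separate commit. In the new step 8, "required lessc >= 1.5.0" should read "requires lessc >= 1.5.0".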

@ -1823,7 +1823,9 @@ EOF;
$username = $this->app->user->get_username();
}
return rcube_utils::idn_to_utf8($username);
$username = rcube_utils::idn_to_utf8($username);
return html::quote($username);
}
/**
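Review bot: Missing documentation and test coverage for the new return contract: with "return html::quote($username);" this method now returns HTML-escaped text instead of the raw value, so any caller that escapes the result again will double-encode it, and any caller that places it outside an HTML text context still needs its own encoding. State in the method's docblock that the returned string is already HTML-quoted, and add a regression test that passes a username containing markup characters such as < and " and asserts on the escaped output. Keeping idn_to_utf8() before the quote call is the right order, since escaping has to be the last transformation applied.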
