Security: Fix XSS issue in template object 'username' (#7406)

release-1.3
Aleksander Machniak 5 years ago committed by Thomas Bruederli
parent 655cfa50cc
commit 37e2bc7457

@ -3,8 +3,8 @@ CHANGELOG Roundcube Webmail
RELEASE 1.3.12 RELEASE 1.3.12
-------------- --------------
- Security: Fix XSS issue in template object 'username' (#7406)
- Security: Fix couple of XSS issues in Installer (#7406) - Security: Fix couple of XSS issues in Installer (#7406)
RELEASE 1.3.11 RELEASE 1.3.11
-------------- --------------

@ -60,7 +60,16 @@ INSTALLATION
5. Point your browser to http://url-to-roundcube/installer/ 5. Point your browser to http://url-to-roundcube/installer/
6. Follow the instructions of the install script (or see MANUAL CONFIGURATION) 6. Follow the instructions of the install script (or see MANUAL CONFIGURATION)
7. After creating and testing the configuration, remove the installer directory 7. After creating and testing the configuration, remove the installer directory
8. Check Known Issues section of this file ------------------------------------------
IMPORTANT: REMOVE THE INSTALLER DIRECTORY!
------------------------------------------
8. If you use git sources compile css files for the Elastic skin (required
lessc >= 1.5.0):
$ cd skins/elastic
$ lessc -x styles/styles.less > styles/styles.css
$ lessc -x styles/print.less > styles/print.css
$ lessc -x styles/embed.less > styles/embed.css
9. Check Known Issues section of this file
CONFIGURATION HINTS CONFIGURATION HINTS
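Review bot: the INSTALL changes in this hunk (the "IMPORTANT: REMOVE THE INSTALLER DIRECTORY!" banner and the new step 8 with the lessc commands for the Elastic skin) are unrelated to the XSS fix named in the commit subject. Move them to a separate commit so the security fix stays small and easy to review and backport. Also confirm that the Elastic skin steps apply to the release-1.3 branch at all. In step 8, "required lessc >= 1.5.0" should read "requires lessc >= 1.5.0".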

@ -1823,7 +1823,9 @@ EOF;
$username = $this->app->user->get_username(); $username = $this->app->user->get_username();
} }
return rcube_utils::idn_to_utf8($username); $username = rcube_utils::idn_to_utf8($username);
return html::quote($username);
} }
/** /**
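Review bot: with `return html::quote($username);` the function now returns HTML-escaped text instead of the raw username, which changes its contract for every caller. State that in the function's doc comment, and check that no template or caller escapes the value a second time, since that would double-encode names containing `&` or quotes. Escaping after `rcube_utils::idn_to_utf8()` is the right order, because the converted string is what reaches the page. A regression test using a username that contains markup characters would pin the fix.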
