Merge branch 'hotfix/4.7.17.2'

James Cole
2019-07-15 19:12:34 +02:00
6 changed files with 13 additions and 13 deletions


@@ -1,4 +1,4 @@
# 4.7.17.1 (API 0.9.2) # 4.7.17.2 (API 0.9.2)
- XSS bug in budget title. - XSS bug in budget title.
# 4.7.17 (API 0.9.2) # 4.7.17 (API 0.9.2)


@@ -16,7 +16,7 @@ const pkgdef :Spk.PackageDefinition = (
manifest = ( manifest = (
appTitle = (defaultText = "Firefly III"), appTitle = (defaultText = "Firefly III"),
appVersion = 28, appVersion = 28,
appMarketingVersion = (defaultText = "4.7.17.1"), appMarketingVersion = (defaultText = "4.7.17.2"),
actions = [ actions = [
# Define your "new document" handlers here. # Define your "new document" handlers here.


@@ -1,7 +1,7 @@
sudo: required sudo: required
language: bash language: bash
env: env:
- VERSION=4.7.17.1 - VERSION=4.7.17.2
dist: xenial dist: xenial


@@ -132,13 +132,13 @@ class Transaction extends Twig_Extension
// journal has a budget: // journal has a budget:
if (null !== $transaction->transaction_journal_budget_id) { if (null !== $transaction->transaction_journal_budget_id) {
$name = $transaction->transaction_journal_budget_name; $name = $transaction->transaction_journal_budget_name;
$txt = sprintf('<a href="%s" title="%s">%s</a>', route('budgets.show', [$transaction->transaction_journal_budget_id]), $name, $name); $txt = sprintf('<a href="%s" title="%s">%s</a>', route('budgets.show', [$transaction->transaction_journal_budget_id]), e($name), e($name));
} }
// transaction has a budget // transaction has a budget
if (null !== $transaction->transaction_budget_id && '' === $txt) { if (null !== $transaction->transaction_budget_id && '' === $txt) {
$name = $transaction->transaction_budget_name; $name = $transaction->transaction_budget_name;
$txt = sprintf('<a href="%s" title="%s">%s</a>', route('budgets.show', [$transaction->transaction_budget_id]), $name, $name); $txt = sprintf('<a href="%s" title="%s">%s</a>', route('budgets.show', [$transaction->transaction_budget_id]), e($name), e($name));
} }
if ('' === $txt) { if ('' === $txt) {
@@ -150,7 +150,7 @@ class Transaction extends Twig_Extension
if ($budgets->count() > 0) { if ($budgets->count() > 0) {
$str = []; $str = [];
foreach ($budgets as $budget) { foreach ($budgets as $budget) {
$str[] = sprintf('<a href="%s" title="%s">%s</a>', route('budgets.show', [$budget->id]), $budget->name, $budget->name); $str[] = sprintf('<a href="%s" title="%s">%s</a>', route('budgets.show', [$budget->id]), e($budget->name), e($budget->name));
} }
$txt = implode(', ', $str); $txt = implode(', ', $str);
} }
@@ -170,13 +170,13 @@ class Transaction extends Twig_Extension
// journal has a category: // journal has a category:
if (null !== $transaction->transaction_journal_category_id) { if (null !== $transaction->transaction_journal_category_id) {
$name = $transaction->transaction_journal_category_name; $name = $transaction->transaction_journal_category_name;
$txt = sprintf('<a href="%s" title="%s">%s</a>', route('categories.show', [$transaction->transaction_journal_category_id]), $name, $name); $txt = sprintf('<a href="%s" title="%s">%s</a>', route('categories.show', [$transaction->transaction_journal_category_id]), e($name), e($name));
} }
// transaction has a category: // transaction has a category:
if (null !== $transaction->transaction_category_id && '' === $txt) { if (null !== $transaction->transaction_category_id && '' === $txt) {
$name = $transaction->transaction_category_name; $name = $transaction->transaction_category_name;
$txt = sprintf('<a href="%s" title="%s">%s</a>', route('categories.show', [$transaction->transaction_category_id]), $name, $name); $txt = sprintf('<a href="%s" title="%s">%s</a>', route('categories.show', [$transaction->transaction_category_id]), e($name), e($name));
} }
if ('' === $txt) { if ('' === $txt) {
@@ -188,7 +188,7 @@ class Transaction extends Twig_Extension
if ($categories->count() > 0) { if ($categories->count() > 0) {
$str = []; $str = [];
foreach ($categories as $category) { foreach ($categories as $category) {
$str[] = sprintf('<a href="%s" title="%s">%s</a>', route('categories.show', [$category->id]), $category->name, $category->name); $str[] = sprintf('<a href="%s" title="%s">%s</a>', route('categories.show', [$category->id]), e($category->name), e($category->name));
} }
$txt = implode(', ', $str); $txt = implode(', ', $str);
@@ -266,7 +266,7 @@ class Transaction extends Twig_Extension
return $txt; return $txt;
} }
$txt = sprintf('<a title="%3$s" href="%2$s">%1$s</a>', e($name), route('accounts.show', [$transactionId]), $iban); $txt = sprintf('<a title="%3$s" href="%2$s">%1$s</a>', e($name), route('accounts.show', [$transactionId]), e($iban));
return $txt; return $txt;
} }
@@ -419,7 +419,7 @@ class Transaction extends Twig_Extension
return $txt; return $txt;
} }
$txt = sprintf('<a title="%3$s" href="%2$s">%1$s</a>', e($name), route('accounts.show', [$transactionId]), $iban); $txt = sprintf('<a title="%3$s" href="%2$s">%1$s</a>', e($name), route('accounts.show', [$transactionId]), e($iban));
return $txt; return $txt;
} }
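Review bot: The escaping is added by hand at every `sprintf` call site in this section (the budget and category links in the hunks at -132, -150, -170 and -188, and the IBAN title in the hunks at -266 and -419), so any other place in the class that formats a stored name into markup stays unescaped unless someone remembers `e()`. Routing the six budget and category links through one private helper that escapes the name once would make the safe path the default; a sketch follows. The functions these hunks belong to start and end outside the visible lines, so how their return value is marked for Twig (for example as HTML-safe) is an assumption to confirm. The changelog entry names only the budget title, while this section also escapes category names and the account IBAN, which matters to anyone judging exposure on earlier releases. A regression test that renders a budget name, a category name and an IBAN containing `<` and `"` would pin the behaviour.

```php
// … unchanged: lookups that select the id and name for the budget or category …
private function nameLink(string $route, $id, ?string $name): string
{
    // Escape once and reuse the result for both the title attribute and the link text.
    $safe = e((string)$name);

    return sprintf('<a href="%s" title="%s">%s</a>', route($route, [$id]), $safe, $safe);
}

// call site (assumes the enclosing function is an instance method), e.g. the journal-budget branch:
$txt = $this->nameLink('budgets.show', $transaction->transaction_journal_budget_id, $transaction->transaction_journal_budget_name);
```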


@@ -2,7 +2,7 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/). This project adheres to [Semantic Versioning](http://semver.org/).
## [4.7.17.1 (API 0.9.2)] - 2019-07-15 ## [4.7.17.2 (API 0.9.2)] - 2019-07-15
- XSS bug in budget title. - XSS bug in budget title.


@@ -93,7 +93,7 @@ return [
'is_demo_site' => false, 'is_demo_site' => false,
], ],
'encryption' => null === env('USE_ENCRYPTION') || env('USE_ENCRYPTION') === true, 'encryption' => null === env('USE_ENCRYPTION') || env('USE_ENCRYPTION') === true,
'version' => '4.7.17.1', 'version' => '4.7.17.2',
'api_version' => '0.9.2', 'api_version' => '0.9.2',
'db_version' => 10, 'db_version' => 10,
'maxUploadSize' => 15242880, 'maxUploadSize' => 15242880,