diff --git a/.sandstorm/changelog.md b/.sandstorm/changelog.md
index 6ffcc52bc5..13b38d665b 100644
--- a/.sandstorm/changelog.md
+++ b/.sandstorm/changelog.md
@@ -1,4 +1,4 @@
-# 4.7.17.1 (API 0.9.2)
+# 4.7.17.2 (API 0.9.2)
- XSS bug in budget title.
# 4.7.17 (API 0.9.2)
diff --git a/.sandstorm/sandstorm-pkgdef.capnp b/.sandstorm/sandstorm-pkgdef.capnp
index d78701e8aa..cdec1b1794 100644
--- a/.sandstorm/sandstorm-pkgdef.capnp
+++ b/.sandstorm/sandstorm-pkgdef.capnp
@@ -16,7 +16,7 @@ const pkgdef :Spk.PackageDefinition = (
manifest = (
appTitle = (defaultText = "Firefly III"),
appVersion = 28,
- appMarketingVersion = (defaultText = "4.7.17.1"),
+ appMarketingVersion = (defaultText = "4.7.17.2"),
actions = [
# Define your "new document" handlers here.
diff --git a/.travis.yml b/.travis.yml
index 0a9aa870af..6716f0f425 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,7 +1,7 @@
sudo: required
language: bash
env:
- - VERSION=4.7.17.1
+ - VERSION=4.7.17.2
dist: xenial
diff --git a/app/Support/Twig/Extension/Transaction.php b/app/Support/Twig/Extension/Transaction.php
index 9137ee1e9f..8894eff09c 100644
--- a/app/Support/Twig/Extension/Transaction.php
+++ b/app/Support/Twig/Extension/Transaction.php
@@ -132,13 +132,13 @@ class Transaction extends Twig_Extension
// journal has a budget:
if (null !== $transaction->transaction_journal_budget_id) {
$name = $transaction->transaction_journal_budget_name;
- $txt = sprintf('%s', route('budgets.show', [$transaction->transaction_journal_budget_id]), $name, $name);
+ $txt = sprintf('%s', route('budgets.show', [$transaction->transaction_journal_budget_id]), e($name), e($name));
}
// transaction has a budget
if (null !== $transaction->transaction_budget_id && '' === $txt) {
$name = $transaction->transaction_budget_name;
- $txt = sprintf('%s', route('budgets.show', [$transaction->transaction_budget_id]), $name, $name);
+ $txt = sprintf('%s', route('budgets.show', [$transaction->transaction_budget_id]), e($name), e($name));
}
if ('' === $txt) {
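Review bot: Escaping is applied by hand at each link-building site (this hunk and the hunks at -150, -170 and -188), so any later call site that omits `e()` brings back the stored XSS this commit fixes. A single private helper that receives the route name, the id and the raw label and calls `e()` itself would leave no unescaped path to the markup. Short of that, escape once with `$safe = e($name);` and pass `$safe` for both placeholders so the two uses cannot drift apart. No test change is visible in this diff; a regression test rendering a budget and a category whose name contains markup characters would pin the behaviour. The enclosing method starts and ends outside the hunk.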
@@ -150,7 +150,7 @@ class Transaction extends Twig_Extension
if ($budgets->count() > 0) {
$str = [];
foreach ($budgets as $budget) {
- $str[] = sprintf('%s', route('budgets.show', [$budget->id]), $budget->name, $budget->name);
+ $str[] = sprintf('%s', route('budgets.show', [$budget->id]), e($budget->name), e($budget->name));
}
$txt = implode(', ', $str);
}
@@ -170,13 +170,13 @@ class Transaction extends Twig_Extension
// journal has a category:
if (null !== $transaction->transaction_journal_category_id) {
$name = $transaction->transaction_journal_category_name;
- $txt = sprintf('%s', route('categories.show', [$transaction->transaction_journal_category_id]), $name, $name);
+ $txt = sprintf('%s', route('categories.show', [$transaction->transaction_journal_category_id]), e($name), e($name));
}
// transaction has a category:
if (null !== $transaction->transaction_category_id && '' === $txt) {
$name = $transaction->transaction_category_name;
- $txt = sprintf('%s', route('categories.show', [$transaction->transaction_category_id]), $name, $name);
+ $txt = sprintf('%s', route('categories.show', [$transaction->transaction_category_id]), e($name), e($name));
}
if ('' === $txt) {
@@ -188,7 +188,7 @@ class Transaction extends Twig_Extension
if ($categories->count() > 0) {
$str = [];
foreach ($categories as $category) {
- $str[] = sprintf('%s', route('categories.show', [$category->id]), $category->name, $category->name);
+ $str[] = sprintf('%s', route('categories.show', [$category->id]), e($category->name), e($category->name));
}
$txt = implode(', ', $str);
@@ -266,7 +266,7 @@ class Transaction extends Twig_Extension
return $txt;
}
- $txt = sprintf('%1$s', e($name), route('accounts.show', [$transactionId]), $iban);
+ $txt = sprintf('%1$s', e($name), route('accounts.show', [$transactionId]), e($iban));
return $txt;
}
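Review bot: The early `return $txt;` above the patched line belongs to a branch that begins outside the hunk, so it cannot be confirmed from here that the value returned on that path is escaped as well; that branch deserves the same check. The hunk at -419 patches an identical line, which suggests the two account renderers duplicate this code, and sharing one routine would mean a fix like this is made once. A short comment above the `sprintf` would help the next editor, for example `// every value interpolated into this markup must pass through e()`.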
@@ -419,7 +419,7 @@ class Transaction extends Twig_Extension
return $txt;
}
- $txt = sprintf('%1$s', e($name), route('accounts.show', [$transactionId]), $iban);
+ $txt = sprintf('%1$s', e($name), route('accounts.show', [$transactionId]), e($iban));
return $txt;
}
diff --git a/changelog.md b/changelog.md
index 7a0b68b7b6..9ad4d37c3b 100644
--- a/changelog.md
+++ b/changelog.md
@@ -2,7 +2,7 @@
All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/).
-## [4.7.17.1 (API 0.9.2)] - 2019-07-15
+## [4.7.17.2 (API 0.9.2)] - 2019-07-15
- XSS bug in budget title.
diff --git a/config/firefly.php b/config/firefly.php
index bddb70e10c..9c481fe5f4 100644
--- a/config/firefly.php
+++ b/config/firefly.php
@@ -93,7 +93,7 @@ return [
'is_demo_site' => false,
],
'encryption' => null === env('USE_ENCRYPTION') || env('USE_ENCRYPTION') === true,
- 'version' => '4.7.17.1',
+ 'version' => '4.7.17.2',
'api_version' => '0.9.2',
'db_version' => 10,
'maxUploadSize' => 15242880,