Merge branch 'v0.8' into stable

author: VirtualTam <virtualtam@flibidi.net> 2018-01-04 18:34:22 +0100
committer: VirtualTam <virtualtam@flibidi.net> 2018-01-04 18:34:22 +0100
commit: 99b083999eee26c877528241d6877f64b59c205b (patch)
tree: 986950c25e390dfde33d3d900689ac4b01e289cb
parent: 01e942d44c7194607649817216aeb5d65c6acad6 (diff)
parent: 9cd0df4d07599e8f0406c5cd867ebd01edc03846 (diff)
download: Shaarli-99b083999eee26c877528241d6877f64b59c205b.tar.gz
Shaarli-99b083999eee26c877528241d6877f64b59c205b.tar.zst
Shaarli-99b083999eee26c877528241d6877f64b59c205b.zip
3 files changed, 7 insertions, 7 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1340db56..51c60d4c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,13 +5,13 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
-## [v0.9.0](https://github.com/shaarli/Shaarli/releases/tag/v0.9.0) - UNPUBLISHED
+## [v0.8.5](https://github.com/shaarli/Shaarli/releases/tag/v0.8.5) - 2018-01-04
-### Added
+ **XSS vulnerability fixed. Please update.**
-### Changed
+### Security
+- Fix an XSS (cross-site-scripting) vulnerability in `index.php`
-### Fixed
 ## [v0.8.4](https://github.com/shaarli/Shaarli/releases/tag/v0.8.4) - 2017-03-04
 ### Security
diff --git a/index.php b/index.php
index b4ccd1bd..6060bd9e 100644
--- a/index.php
+++ b/index.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * Shaarli v0.8.4 - Shaare your links...
+ * Shaarli v0.8.5 - Shaare your links...
 *
 * The personal, minimalist, super-fast, database free, bookmarking service.
 *
@@ -459,7 +459,7 @@ if (isset($_POST['login']))
    else
    {
        ban_loginFailed($conf);
-        $redir = '&username='. $_POST['login'];
+        $redir = '&username='. urlencode($_POST['login']);
        if (isset($_GET['post'])) {
            $redir .= '&post=' . urlencode($_GET['post']);
            foreach (array('description', 'source', 'title') as $param) {
diff --git a/shaarli_version.php b/shaarli_version.php
index 1c1c5d74..a7b8799a 100644
--- a/shaarli_version.php
+++ b/shaarli_version.php
@@ -1 +1 @@
-<?php /* 0.8.4 */ ?>
+<?php /* 0.8.5 */ ?>
author	VirtualTam <virtualtam@flibidi.net>	2018-01-04 18:34:22 +0100
committer	VirtualTam <virtualtam@flibidi.net>	2018-01-04 18:34:22 +0100
commit	99b083999eee26c877528241d6877f64b59c205b (patch)
tree	986950c25e390dfde33d3d900689ac4b01e289cb
parent	01e942d44c7194607649817216aeb5d65c6acad6 (diff)
parent	9cd0df4d07599e8f0406c5cd867ebd01edc03846 (diff)
download	Shaarli-99b083999eee26c877528241d6877f64b59c205b.tar.gz Shaarli-99b083999eee26c877528241d6877f64b59c205b.tar.zst Shaarli-99b083999eee26c877528241d6877f64b59c205b.zip

diff --git a/CHANGELOG.md b/CHANGELOG.md index 1340db56..51c60d4c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md
@@ -5,13 +5,13 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/)
5	and this project adheres to [Semantic Versioning](http://semver.org/).	5	and this project adheres to [Semantic Versioning](http://semver.org/).
6		6
7		7
8	## [v0.9.0](https://github.com/shaarli/Shaarli/releases/tag/v0.9.0) - UNPUBLISHED	8	## [v0.8.5](https://github.com/shaarli/Shaarli/releases/tag/v0.8.5) - 2018-01-04
9		9
10	### Added	10	XSS vulnerability fixed. Please update.
11		11
12	### Changed	12	### Security
		13	- Fix an XSS (cross-site-scripting) vulnerability in `index.php`
13		14
14	### Fixed
15		15
16	## [v0.8.4](https://github.com/shaarli/Shaarli/releases/tag/v0.8.4) - 2017-03-04	16	## [v0.8.4](https://github.com/shaarli/Shaarli/releases/tag/v0.8.4) - 2017-03-04
17	### Security	17	### Security


diff --git a/index.php b/index.php index b4ccd1bd..6060bd9e 100644 --- a/index.php +++ b/index.php
@@ -1,6 +1,6 @@
1	<?php	1	<?php
2	/**	2	/**
3	* Shaarli v0.8.4 - Shaare your links...	3	* Shaarli v0.8.5 - Shaare your links...
4	*	4	*
5	* The personal, minimalist, super-fast, database free, bookmarking service.	5	* The personal, minimalist, super-fast, database free, bookmarking service.
6	*	6	*
@@ -459,7 +459,7 @@ if (isset($_POST['login']))
459	else	459	else
460	{	460	{
461	ban_loginFailed($conf);	461	ban_loginFailed($conf);
462	$redir = '&username='. $_POST['login'];	462	$redir = '&username='. urlencode($_POST['login']);
463	if (isset($_GET['post'])) {	463	if (isset($_GET['post'])) {
464	$redir .= '&post=' . urlencode($_GET['post']);	464	$redir .= '&post=' . urlencode($_GET['post']);
465	foreach (array('description', 'source', 'title') as $param) {	465	foreach (array('description', 'source', 'title') as $param) {


diff --git a/shaarli_version.php b/shaarli_version.php index 1c1c5d74..a7b8799a 100644 --- a/shaarli_version.php +++ b/shaarli_version.php
@@ -1 +1 @@
	<?php /* 0.8.4 */ ?>		<?php /* 0.8.5 */ ?>