diff options
| author | Kevin Decherf <kevin@kdecherf.com> | 2018-09-23 22:46:09 +0200 |
|---|---|---|
| committer | Kevin Decherf <kevin@kdecherf.com> | 2018-09-23 22:46:09 +0200 |
| commit | 66697b29b9fce63deccbed391c406c02a2a34dd2 (patch) | |
| tree | a88d710e2f6c9825c40260a355ce56a0a54e5c5b | |
| parent | 8013f35d96c42b15c1da28cdff40e97289ad4e25 (diff) | |
| download | wallabag-cve-2018-11352.tar.gz wallabag-cve-2018-11352.tar.zst wallabag-cve-2018-11352.zip | |
views: escape piwik host and siteId to prevent XSScve-2018-11352
Fixes CVE-2018-11352
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
| -rw-r--r-- | src/Wallabag/CoreBundle/Resources/views/base.html.twig | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/Wallabag/CoreBundle/Resources/views/base.html.twig b/src/Wallabag/CoreBundle/Resources/views/base.html.twig index 2499bb88..49861946 100644 --- a/src/Wallabag/CoreBundle/Resources/views/base.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/base.html.twig | |||
| @@ -69,7 +69,7 @@ | |||
| 69 | {% block footer %}{% endblock %} | 69 | {% block footer %}{% endblock %} |
| 70 | 70 | ||
| 71 | {% if craue_setting('piwik_enabled') %} | 71 | {% if craue_setting('piwik_enabled') %} |
| 72 | {{ piwik(craue_setting('piwik_host'), craue_setting('piwik_site_id')) }} | 72 | {{ piwik(craue_setting('piwik_host')|e('html_attr'), craue_setting('piwik_site_id')|e('html_attr')) }} |
| 73 | {% endif %} | 73 | {% endif %} |
| 74 | </body> | 74 | </body> |
| 75 | </html> | 75 | </html> |