From c20d9e311f5faa815d35a87a6cfc50644c81244b Mon Sep 17 00:00:00 2001
From: Alexey Py <lex61rus@gmail.com>
Date: Wed, 4 Jan 2017 23:57:33 +0300
Subject: Update copyright year

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index c9488288..f96e2b8c 100644
--- a/README.md
+++ b/README.md
@@ -22,6 +22,6 @@ make run
 ```
 
 # License
-Copyright © 2013-2016 Nicolas Lœuillet <nicolas@loeuillet.org>
+Copyright © 2013-2017 Nicolas Lœuillet <nicolas@loeuillet.org>
 This work is free. You can redistribute it and/or modify it under the
 terms of the MIT License. See the COPYING file for more details.
-- 
cgit v1.2.3


From de84b135e2bc033c063178cadd00069a3f2b3ca5 Mon Sep 17 00:00:00 2001
From: Alexey Py <lex61rus@gmail.com>
Date: Thu, 5 Jan 2017 00:06:09 +0300
Subject: Update copyright year in COPYING.md

---
 COPYING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/COPYING.md b/COPYING.md
index bc5be341..6be863d3 100644
--- a/COPYING.md
+++ b/COPYING.md
@@ -1,4 +1,4 @@
-Copyright (c) 2013-2016 Nicolas Lœuillet
+Copyright (c) 2013-2017 Nicolas Lœuillet
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
-- 
cgit v1.2.3


From 3d9950792c0aef20643ce1c5f81670e1f7194af9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20L=C5=93uillet?= <nicolas@loeuillet.org>
Date: Tue, 17 Jan 2017 10:09:04 +0100
Subject: Fixed possible JS injection via the title edition

---
 .../Resources/views/themes/baggy/Entry/entries.html.twig       |  4 ++--
 .../Resources/views/themes/baggy/Entry/entry.html.twig         |  6 +++---
 .../Resources/views/themes/common/Entry/entries.xml.twig       |  2 +-
 .../Resources/views/themes/common/Entry/share.html.twig        | 10 +++++-----
 .../views/themes/material/Entry/_card_full_image.html.twig     |  4 ++--
 .../views/themes/material/Entry/_card_no_preview.html.twig     |  4 ++--
 .../views/themes/material/Entry/_card_preview.html.twig        |  8 ++++----
 .../Resources/views/themes/material/Entry/entry.html.twig      |  4 ++--
 var/SymfonyRequirements.php                                    |  6 +++++-
 9 files changed, 26 insertions(+), 22 deletions(-)

diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entries.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entries.html.twig
index 56a0faac..4679714e 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entries.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entries.html.twig
@@ -23,7 +23,7 @@
 
     {% for entry in entries %}
         <div id="entry-{{ entry.id|e }}" class="entry">
-            <h2><a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title|raw }}">{{ entry.title|raw }}</a></h2>
+            <h2><a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title|e|raw }}">{{ entry.title|e|raw }}</a></h2>
 
             {% set readingTime = entry.readingTime / app.user.config.readingSpeed %}
             <div class="estimatedTime">
@@ -60,7 +60,7 @@
                     <li><a href="{{ path('tag_entries', {'slug': tag.slug}) }}">{{ tag.label }}</a></li>
                 {% endfor %}
                 </ul>
-                <img class="preview" src="{{ entry.previewPicture }}" alt="{{ entry.title|raw }}" />
+                <img class="preview" src="{{ entry.previewPicture }}" alt="{{ entry.title|e|raw }}" />
             {% endif %}
         </div>
     {% endfor %}
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entry.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entry.html.twig
index 3689159b..8ca194f6 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entry.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entry.html.twig
@@ -1,11 +1,11 @@
 {% extends "WallabagCoreBundle::layout.html.twig" %}
 
-{% block title %}{{ entry.title|raw }} ({{ entry.domainName|removeWww }}){% endblock %}
+{% block title %}{{ entry.title|e|raw }} ({{ entry.domainName|removeWww }}){% endblock %}
 
 {% block content %}
     <div id="article">
         <header class="mbm">
-            <h1>{{ entry.title|raw }} <a href="{{ path('edit', { 'id': entry.id }) }}" class="nostyle" title="{{ 'entry.view.edit_title'|trans }}">✎</a></h1>
+            <h1>{{ entry.title|e|raw }} <a href="{{ path('edit', { 'id': entry.id }) }}" class="nostyle" title="{{ 'entry.view.edit_title'|trans }}">✎</a></h1>
         </header>
 
         <div id="article_toolbar">
@@ -67,7 +67,7 @@
             </aside>
         </div>
         {% if entry.previewPicture is not null %}
-            <div><img class="preview" src="{{ entry.previewPicture }}" alt="{{ entry.title|raw }}" /></div>
+            <div><img class="preview" src="{{ entry.previewPicture }}" alt="{{ entry.title|e|raw }}" /></div>
         {% endif %}
         <article>
             {{ entry.content | raw }}
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/entries.xml.twig b/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/entries.xml.twig
index 288bb54f..7103f22b 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/entries.xml.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/entries.xml.twig
@@ -10,7 +10,7 @@
         {% for entry in entries %}
 
             <item>
-                <title><![CDATA[{{ entry.title }}]]></title>
+                <title><![CDATA[{{ entry.title|e }}]]></title>
                 <source url="{{ url('view', { 'id': entry.id }) }}">wallabag</source>
                 <link>{{ entry.url }}</link>
                 <guid>{{ entry.url }}</guid>
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/share.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/share.html.twig
index f77264c6..623cf1c4 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/share.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/share.html.twig
@@ -1,6 +1,6 @@
 <html>
     <head>
-        <title>{{ entry.title | raw }}</title>
+        <title>{{ entry.title|e|raw }}</title>
         <style>
             body {
                 margin: 10px;
@@ -27,7 +27,7 @@
                 width: 600px;
             }
         </style>
-        <meta property="og:title" content="{{ entry.title | raw }}" />
+        <meta property="og:title" content="{{ entry.title|e|raw }}" />
         <meta property="og:type" content="article" />
         <meta property="og:url" content="{{ app.request.uri }}" />
         {% set picturePath = app.request.schemeAndHttpHost ~ asset('bundles/wallabagcore/themes/_global/img/logo-other_themes.png') %}
@@ -38,13 +38,13 @@
         <meta name="twitter:card" content="summary" />
         <meta name="twitter:image" content="{{ picturePath }}" />
         <meta name="twitter:site" content="@wallabagapp" />
-        <meta name="twitter:title" content="{{ entry.title | raw }}" />
+        <meta name="twitter:title" content="{{ entry.title|e|raw }}" />
         <meta name="twitter:description" content="{{ entry.content|striptags|slice(0, 300)|raw }}&hellip;" />
     </head>
     <body>
         <header>
-            <h1>{{ entry.title | raw }}</h1>
-            <div><a href="{{ entry.url|e }}" target="_blank" title="{{ 'entry.view.original_article'|trans }} : {{ entry.title|e }}" class="tool">{{ entry.domainName|removeWww }}</a></div>
+            <h1>{{ entry.title|e|raw }}</h1>
+            <div><a href="{{ entry.url|e }}" target="_blank" title="{{ 'entry.view.original_article'|trans }} : {{ entry.title|e|raw }}" class="tool">{{ entry.domainName|removeWww }}</a></div>
             <div>{{ "entry.public.shared_by_wallabag"|trans({'%wallabag_instance%': url('homepage')})|raw }}</div>
         </header>
         <article>
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig
index 0fdd5996..91a1bac0 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig
@@ -11,8 +11,8 @@
 
         <div class="card-content">
             <span class="card-title dot-ellipsis dot-resize-update">
-                <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | raw | striptags }}">
-                    {{ entry.title | raw | striptags | truncate(80, true, '…') }}
+                <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title| e | raw | striptags }}">
+                    {{ entry.title | e | raw | striptags | truncate(80, true, '…') }}
                 </a>
             </span>
 
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_no_preview.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_no_preview.html.twig
index 19a400b4..ed916e79 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_no_preview.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_no_preview.html.twig
@@ -2,8 +2,8 @@
     <div class="card-body">
         <div class="card-content">
             <span class="card-title dot-ellipsis dot-resize-update">
-                <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | raw | striptags }}">
-                    {{ entry.title | raw | striptags | truncate(80, true, '…') }}
+                <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | e | raw | striptags }}">
+                    {{ entry.title | e | raw | striptags | truncate(80, true, '…') }}
                 </a>
             </span>
 
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig
index b0e3c06d..d23be4d0 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig
@@ -13,8 +13,8 @@
             <i class="grey-text text-darken-4 activator material-icons right">more_vert</i>
 
             <span class="card-title dot-ellipsis dot-resize-update">
-                <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | raw | striptags }}">
-                    {{ entry.title| striptags | truncate(80, true, '…') | raw }}
+                <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | e | raw | striptags }}">
+                    {{ entry.title | e | striptags | truncate(80, true, '…') | raw }}
                 </a>
             </span>
 
@@ -29,8 +29,8 @@
     <div class="card-reveal">
         <i class="card-title activator grey-text text-darken-4 material-icons right">clear</i>
         <span class="card-title">
-            <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | raw | striptags }}">
-                {{ entry.title | raw | striptags | truncate(80, true, '…') }}
+            <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | e | raw | striptags }}">
+                {{ entry.title | e | raw | striptags | truncate(80, true, '…') }}
             </a>
         </span>
 
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig
index c615a907..b445f7d5 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig
@@ -1,6 +1,6 @@
 {% extends "WallabagCoreBundle::layout.html.twig" %}
 
-{% block title %}{{ entry.title|raw }} ({{ entry.domainName|removeWww }}){% endblock %}
+{% block title %}{{ entry.title|e|raw }} ({{ entry.domainName|removeWww }}){% endblock %}
 
 {% block body_class %}entry{% endblock %}
 
@@ -209,7 +209,7 @@
 {% block content %}
     <div id="article">
         <header class="mbm">
-            <h1>{{ entry.title|raw }} <a href="{{ path('edit', { 'id': entry.id }) }}" title="{{ 'entry.view.edit_title'|trans }}">✎</a></h1>
+            <h1>{{ entry.title|e|raw }} <a href="{{ path('edit', { 'id': entry.id }) }}" title="{{ 'entry.view.edit_title'|trans }}">✎</a></h1>
         </header>
         <aside>
             <ul class="tools">
diff --git a/var/SymfonyRequirements.php b/var/SymfonyRequirements.php
index 7e7723af..7e7a99de 100644
--- a/var/SymfonyRequirements.php
+++ b/var/SymfonyRequirements.php
@@ -780,7 +780,11 @@ class SymfonyRequirements extends RequirementCollection
     {
         $size = ini_get('realpath_cache_size');
         $size = trim($size);
-        $unit = strtolower(substr($size, -1, 1));
+        $unit = '';
+        if (!ctype_digit($size)) {
+            $unit = strtolower(substr($size, -1, 1));
+            $size = (int) substr($size, 0, -1);
+        }
         switch ($unit) {
             case 'g':
                 return $size * 1024 * 1024 * 1024;
-- 
cgit v1.2.3


From 1ba542ce04fb3e573bc605d24251dca3b3bf5b48 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20L=C5=93uillet?= <nicolas@loeuillet.org>
Date: Tue, 17 Jan 2017 10:46:41 +0100
Subject: Prepare wallabag 2.1.6 :rocket:

---
 CHANGELOG.md          | 8 +++++++-
 app/config/config.yml | 4 ++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ad916426..c31d62b6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,12 @@
 ## Changelog
 
+### 2.1.6 2017/01/17
+- [#2758](https://github.com/wallabag/wallabag/pull/2758) Fixed possible JS injection via the title edition (@nicosomb)
+- [#2736](https://github.com/wallabag/wallabag/pull/2736) Update copyright year (@lex111)
+- [#2624](https://github.com/wallabag/wallabag/pull/2624) Fix #2056 update config.yml (@Rurik19)
+
 ### 2.1.5 2016/11/21
+- [#2625](https://github.com/wallabag/wallabag/pull/2625) Prepare wallabag 2.1.5 (@nicosomb)
 - [#2623](https://github.com/wallabag/wallabag/pull/2623) Force composer to run as PHP 5.5.9 (@j0k3r)
 - [#2608](https://github.com/wallabag/wallabag/pull/2608) Change version to 2.2.0-dev (@nicosomb)
 - [#2607](https://github.com/wallabag/wallabag/pull/2607) Updated changelog for 2.1.4 (@nicosomb)
@@ -94,7 +100,7 @@
 - [#2397](https://github.com/wallabag/wallabag/pull/2397) Ensure orphan tag are remove in API (@j0k3r)
 - [#2399](https://github.com/wallabag/wallabag/pull/2399) Use default locale for user config (@j0k3r)
 - [#2400](https://github.com/wallabag/wallabag/pull/2400) Set env to prod in documentation (@j0k3r)
-- [#2396](https://github.com/wallabag/wallabag/pull/2396) Update messages.pl.yml (@mruminski)
+- [#2396](https://github.com/wallabag/wallabag/pull/2396) Update messages.pl.yml (@wallabag)
 - [#2395](https://github.com/wallabag/wallabag/pull/2395) Add ability to use socket (@j0k3r)
 - [#2386](https://github.com/wallabag/wallabag/pull/2386) Changed Changelog by using github-changelog-generator from @skywinder (@nicosomb)
 - [#2389](https://github.com/wallabag/wallabag/pull/2389) Added default picture if preview picture is null (@nicosomb)
diff --git a/app/config/config.yml b/app/config/config.yml
index 3d9067d1..ca0ba1d8 100644
--- a/app/config/config.yml
+++ b/app/config/config.yml
@@ -30,7 +30,7 @@ framework:
     assets: ~
 
 wallabag_core:
-    version: 2.1.5
+    version: 2.1.6
     paypal_url: "https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=9UBA65LG3FX9Y&lc=gb"
     languages:
         en: 'English'
@@ -195,7 +195,7 @@ fos_oauth_server:
         user_provider: fos_user.user_manager
         options:
             refresh_token_lifetime: 1209600
-                
+
 scheb_two_factor:
     trusted_computer:
         enabled: true
-- 
cgit v1.2.3