mirrors/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2024-11-24 10:01:02 +00:00
Code Issues Projects Releases Wiki Activity

views: escape piwik host and siteId to prevent XSS

Browse source 
Fixes CVE-2018-11352

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
This commit is contained in:
Kevin Decherf 2018-09-23 22:46:09 +02:00
parent 8013f35d96
commit 66697b29b9
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/Wallabag/CoreBundle/Resources/views/base.html.twig
View file

@ -69,7 +69,7 @@
{% block footer %}{% endblock %}
{% if craue_setting('piwik_enabled') %}
{{ piwik(craue_setting('piwik_host'), craue_setting('piwik_site_id')) }}
{{ piwik(craue_setting('piwik_host')|e('html_attr'), craue_setting('piwik_site_id')|e('html_attr')) }}
{% endif %}
</body>
</html>