Good Morning!
These are the git changes for DokuWiki committed
yesterday. Please test them and report bugs.
---------------------------------------------------------------------
http://github.com/dokuwiki/dokuwiki/commit/8940a8f12c0d0d3f90a1076b18dbdadb8b12647f
Merge: 8f3b3b9e9 4ebc7ff49
Author: Andreas Gohr <andi[at]splitbrain.org>
Date: Mon May 15 19:24:58 2023 +0200

Merge pull request #3969 from dokuwiki-translate/lang_update_635_1684167422

Translation update (pt-br)

http://github.com/dokuwiki/dokuwiki/commit/8f3b3b9e94039b86ccb57aab1031e2175b1e5aea
Merge: 94ce2489c 53df38b0e
Author: Andreas Gohr <andi[at]splitbrain.org>
Date: Mon May 15 19:05:58 2023 +0200

Merge pull request #3967 from dokuwiki/rssxss

fix XSS in RSS syntax

http://github.com/dokuwiki/dokuwiki/commit/4ebc7ff4967e0fb77f05519c1db2bbcdda3abc18
Author: Daniel Dias Rodrigues <danieldiasr[at]gmail.com>
Date: Mon May 15 18:21:26 2023 +0200

translation update

http://github.com/dokuwiki/dokuwiki/commit/53df38b0e4465894a67a5890f74a6f5f82e827de
Author: Andreas Gohr <andi[at]splitbrain.org>
Date: Mon May 15 08:06:00 2023 +0200

fix XSS in RSS syntax

The title was not correctly escaped when written to the doc in xhtml
renderer.

SimplePie does no content escaping on its own (a comment in the code
seems to suggest that that was assumed). Instead the content is passed
on as-is from the feed.

This patch also applies some more escaping on the description output
(though it should have been relatively safe thanks to the use of
striptags).

This was discovered by [at]ry0tak and reported in
https://huntr.dev/bounties/c6119106-1a5c-464c-94dd-ee7c5d0bece0/
---------------------------------------------------------------------
You can download individual diffs or patches by appending .diff or
.patch to the given commit URLs above.
Bye,
your git changelog mailer
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
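
The escaping gap described in the "fix XSS in RSS syntax" commit above, shown as an added example that is not DokuWiki's code and not part of the original mail. It assumes PHP's SimpleXML as a stand-in for SimplePie (both hand back the decoded feed text without HTML escaping); the feed, the function names and the output markup are constructed for illustration.

```php
<?php
// Added illustration, not DokuWiki code. SimpleXML stands in for SimplePie:
// the parser returns decoded feed text as-is, with no HTML escaping applied.

// Constructed sample feed: title and description carry entity-encoded markup.
$feed = <<<'XML'
<rss version="2.0"><channel><title>Constructed feed</title>
<item>
  <title>Release notes &lt;img src=x onerror="alert(1)"&gt;</title>
  <link>https://feed.example/post?id=1&amp;ref=rss</link>
  <description>&lt;b&gt;Fixes&lt;/b&gt; &amp; updates</description>
</item>
</channel></rss>
XML;

// Escape a feed value for use in HTML text or a quoted attribute.
function esc(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before" (hypothetical): values from the feed are concatenated into the
// page unescaped, so markup in the title becomes live HTML in the wiki page.
function renderItemUnescaped(SimpleXMLElement $item): string
{
    return '<a href="' . $item->link . '">' . $item->title . '</a>';
}

// "After" (hypothetical): every feed value is escaped at the point of output.
// The description is still passed through strip_tags first, then escaped too,
// because strip_tags removes tags but leaves characters such as & and quotes.
function renderItemEscaped(SimpleXMLElement $item): string
{
    $description = strip_tags((string) $item->description);
    return '<a href="' . esc((string) $item->link) . '">'
        . esc((string) $item->title) . '</a> '
        . '<span>' . esc($description) . '</span>';
}

$item = simplexml_load_string($feed)->channel->item[0];

echo "unescaped: ", renderItemUnescaped($item), "\n";
echo "escaped:   ", renderItemEscaped($item), "\n";
```

Comparing the two output lines shows where the parser's decoding ends and the renderer's responsibility begins: the `<img>` tag is only inert in the second line.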