Fixed entity sanitization for XSS detection

This commit is contained in:
Djamil Legato
2022-02-23 14:57:36 -08:00
parent b992d7f185
commit 3dd0cabeac
2 changed files with 2 additions and 1 deletions

@@ -8,6 +8,7 @@
* Fixed `'mbstring' extension is not loaded` error, use Polyfill instead [#3504](https://github.com/getgrav/grav/pull/3504)
* Fixed new `Utils::pathinfo()` and `Utils::basename()` being too strict for legacy use [#3542](https://github.com/getgrav/grav/issues/3542)
* Fixed non-standard video html atributes generated by `{{ media.html() }}` [#3540](https://github.com/getgrav/grav/issues/3540)
* Fixed entity sanitization for XSS detection
# v1.7.30
## 02/07/2022
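Review bot: The `Fixed entity sanitization for XSS detection` changelog entry has no issue or PR link, unlike the three entries above it, and does not say what was wrong. Because this touches XSS detection, name the behaviour that changed (which form of numeric entity is now normalized before decoding) and link the report or advisory if one exists, so site owners can judge how urgently they need the release.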

@@ -200,7 +200,7 @@ class Security
}, $string);
// Clean up entities
$string = preg_replace('!(&#0+[0-9]+)!u', '$1;', $string);
$string = preg_replace('!(&#[0-9]+)!u', '$1;', $string);
// Decode entities
$string = html_entity_decode($string, ENT_NOQUOTES | ENT_HTML5, 'UTF-8');
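Review bot: The `'!(&#[0-9]+)!u'` pattern also matches a numeric entity that already ends in `;`, so `&#60;` is rewritten to `&#60;;` and a stray `;` stays in the string after `html_entity_decode()`, changing the text that is inspected afterwards. Consume an optional terminator in the match, for example `'!(&#[0-9]+);?!u'` with the same `'$1;'` replacement. The visible lines normalize only decimal references; if the hex form (`&#x...`) is not handled elsewhere in this method it needs the same treatment. A unit test covering terminated, unterminated and zero-padded entities would pin the intended behaviour down.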