Fix XSS checking when empty content #1533

Andy Miller
2018-10-23 08:35:13 -06:00
parent 8f654dcacc
commit 5307038c98
2 changed files with 2 additions and 1 deletions


@@ -10,6 +10,7 @@
* Fixed file extension detection * Fixed file extension detection
* Fix for HTML entities in page slug [#1524](https://github.com/getgrav/grav-plugin-admin/issues/1524) * Fix for HTML entities in page slug [#1524](https://github.com/getgrav/grav-plugin-admin/issues/1524)
* Fix for port in backup download links [#1521](https://github.com/getgrav/grav-plugin-admin/issues/1521) * Fix for port in backup download links [#1521](https://github.com/getgrav/grav-plugin-admin/issues/1521)
* Fix XSS checking when empty content [#1533](https://github.com/getgrav/grav-plugin-admin/issues/1533)
# v1.8.10 # v1.8.10
## 10/01/2018 ## 10/01/2018


@@ -658,7 +658,7 @@ class AdminController extends AdminBaseController
// XSS Checks for page content // XSS Checks for page content
$xss_whitelist = $this->grav['config']->get('security.xss_whitelist', 'admin.super'); $xss_whitelist = $this->grav['config']->get('security.xss_whitelist', 'admin.super');
if (!$this->admin->authorize($xss_whitelist)) { if (!$this->admin->authorize($xss_whitelist)) {
$check_what = ['header' => $data['header'], 'content' => $data['content']]; $check_what = ['header' => $data['header'], 'content' => isset($data['content']) ? $data['content'] : ''];
$results = Security::detectXssFromArray($check_what); $results = Security::detectXssFromArray($check_what);
if (!empty($results)) { if (!empty($results)) {
$this->admin->setMessage('<i class="fa fa-ban"></i> ' . $this->admin->translate('PLUGIN_ADMIN.XSS_ONSAVE_ISSUE'), $this->admin->setMessage('<i class="fa fa-ban"></i> ' . $this->admin->translate('PLUGIN_ADMIN.XSS_ONSAVE_ISSUE'),
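Review bot: `$data['header']` on the `$check_what` line is still read without a guard, while `content` on the same line now gets an `isset()` fallback. If a save can arrive without a header (not visible from this hunk), the same undefined-index notice would fire and a null would be handed to `Security::detectXssFromArray()`, so the XSS check would again run on ill-defined input. Consider `'header' => isset($data['header']) ? $data['header'] : [],` in the same style as the content guard, assuming the header is normally an array. The enclosing method starts before and continues past this hunk, so how `$data` is populated cannot be confirmed here.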