diff --git a/CHANGELOG.md b/CHANGELOG.md index ad9164266..c31d62b64 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,12 @@ ## Changelog +### 2.1.6 2017/01/17 +- [#2758](https://github.com/wallabag/wallabag/pull/2758) Fixed possible JS injection via the title edition (@nicosomb) +- [#2736](https://github.com/wallabag/wallabag/pull/2736) Update copyright year (@lex111) +- [#2624](https://github.com/wallabag/wallabag/pull/2624) Fix #2056 update config.yml (@Rurik19) + ### 2.1.5 2016/11/21 +- [#2625](https://github.com/wallabag/wallabag/pull/2625) Prepare wallabag 2.1.5 (@nicosomb) - [#2623](https://github.com/wallabag/wallabag/pull/2623) Force composer to run as PHP 5.5.9 (@j0k3r) - [#2608](https://github.com/wallabag/wallabag/pull/2608) Change version to 2.2.0-dev (@nicosomb) - [#2607](https://github.com/wallabag/wallabag/pull/2607) Updated changelog for 2.1.4 (@nicosomb) @@ -94,7 +100,7 @@ - [#2397](https://github.com/wallabag/wallabag/pull/2397) Ensure orphan tag are remove in API (@j0k3r) - [#2399](https://github.com/wallabag/wallabag/pull/2399) Use default locale for user config (@j0k3r) - [#2400](https://github.com/wallabag/wallabag/pull/2400) Set env to prod in documentation (@j0k3r) -- [#2396](https://github.com/wallabag/wallabag/pull/2396) Update messages.pl.yml (@mruminski) +- [#2396](https://github.com/wallabag/wallabag/pull/2396) Update messages.pl.yml (@wallabag) - [#2395](https://github.com/wallabag/wallabag/pull/2395) Add ability to use socket (@j0k3r) - [#2386](https://github.com/wallabag/wallabag/pull/2386) Changed Changelog by using github-changelog-generator from @skywinder (@nicosomb) - [#2389](https://github.com/wallabag/wallabag/pull/2389) Added default picture if preview picture is null (@nicosomb) diff --git a/COPYING.md b/COPYING.md index bc5be3414..6be863d32 100644 --- a/COPYING.md +++ b/COPYING.md 
@@ -1,4 +1,4 @@ -Copyright (c) 2013-2016 Nicolas Lœuillet +Copyright (c) 2013-2017 Nicolas Lœuillet Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index c94882884..f96e2b8c7 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,6 @@ make run ``` # License -Copyright © 2013-2016 Nicolas Lœuillet +Copyright © 2013-2017 Nicolas Lœuillet This work is free. You can redistribute it and/or modify it under the terms of the MIT License. See the COPYING file for more details. diff --git a/app/config/config.yml b/app/config/config.yml index 05c82e434..68f70d67f 100644 --- a/app/config/config.yml +++ b/app/config/config.yml @@ -30,7 +30,7 @@ framework: assets: ~ wallabag_core: - version: 2.1.5 + version: 2.1.6 paypal_url: "https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=9UBA65LG3FX9Y&lc=gb" languages: en: 'English' diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entries.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entries.html.twig index 95c846867..859b166b1 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entries.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entries.html.twig @@ -28,7 +28,7 @@ {% for entry in entries %}
-

{{ entry.title|raw }}

+

{{ entry.title|e|raw }}

{% set readingTime = entry.readingTime / app.user.config.readingSpeed %}
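Review bot: The trailing `|raw` in `{{ entry.title|e|raw }}` is redundant after `e` and leaves the expression opted out of autoescaping, so a later edit that drops or reorders `e` would silently reintroduce the injection this commit fixes. Prefer `{{ entry.title|e }}`, or plain `{{ entry.title }}` if autoescaping is enabled for these templates, which the existing `raw` usage suggests but this page does not show. The same pattern recurs in the other baggy hunks, both `{% block title %}` lines, share.html.twig and the material entry.html.twig. The surrounding markup is not visible here, so any attribute that carries the title (`title=`, `alt=`) should be checked for the same escaping.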
@@ -65,7 +65,7 @@
  • {{ tag.label }}
  • {% endfor %} - {{ entry.title|raw }} + {{ entry.title|e|raw }} {% endif %}
    {% endfor %} diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entry.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entry.html.twig index 8ac2bc0bf..a555691df 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entry.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entry.html.twig @@ -1,11 +1,11 @@ {% extends "WallabagCoreBundle::layout.html.twig" %} -{% block title %}{{ entry.title|raw }} ({{ entry.domainName|removeWww }}){% endblock %} +{% block title %}{{ entry.title|e|raw }} ({{ entry.domainName|removeWww }}){% endblock %} {% block content %}
    -

    {{ entry.title|raw }}

    +

    {{ entry.title|e|raw }}

    @@ -68,7 +68,7 @@
    {% if entry.previewPicture is not null %} -
    {{ entry.title|raw }}
    +
    {{ entry.title|e|raw }}
    {% endif %}
    {{ entry.content | raw }} diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/entries.xml.twig b/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/entries.xml.twig index 16ecaa979..12e8c79fd 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/entries.xml.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/entries.xml.twig @@ -18,7 +18,7 @@ {% for entry in entries %} - <![CDATA[{{ entry.title }}]]> + <![CDATA[{{ entry.title|e }}]]> wallabag {{ entry.url }} {{ entry.url }} diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/share.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/share.html.twig index f77264c67..623cf1c4d 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/share.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/share.html.twig @@ -1,6 +1,6 @@ - {{ entry.title | raw }} + {{ entry.title|e|raw }} - + {% set picturePath = app.request.schemeAndHttpHost ~ asset('bundles/wallabagcore/themes/_global/img/logo-other_themes.png') %} @@ -38,13 +38,13 @@ - +
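Review bot: `{{ entry.content | raw }}` on the context line at the end of this hunk still emits stored HTML unescaped, so the page is only as safe as whatever sanitises content before it is saved, which this diff does not show. A template comment next to it would record that dependency, for example `{# entry.content must be sanitised HTML when stored; never route user-edited fields through raw #}`. The enclosing block continues outside the hunk.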
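Review bot: `{{ entry.title|e }}` inside `<![CDATA[...]]>` in entries.xml.twig applies HTML escaping to text that an XML parser hands over literally, so a feed reader that treats the title as plain text would presumably show `&amp;` or `&lt;` verbatim; this is worth checking with a title that contains `&`. The escape does keep a `]]>` in a title from closing the section early, and a comment such as `{# e keeps "]]>" in a title from terminating the CDATA section #}` would record why it is there. If this template is already autoescaped as HTML, the added filter may change nothing, so a test that renders the feed with a hostile title would confirm the fix.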
    -

    {{ entry.title | raw }}

    - +

    {{ entry.title|e|raw }}

    +
    {{ "entry.public.shared_by_wallabag"|trans({'%wallabag_instance%': url('homepage')})|raw }}
    diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig index 0fdd5996d..91a1bac0d 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig @@ -11,8 +11,8 @@
    - - {{ entry.title | raw | striptags | truncate(80, true, '…') }} + + {{ entry.title | e | raw | striptags | truncate(80, true, '…') }} diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_no_preview.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_no_preview.html.twig index 19a400b4b..ed916e798 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_no_preview.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_no_preview.html.twig @@ -2,8 +2,8 @@
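Review bot: In `{{ entry.title | e | raw | striptags | truncate(80, true, '…') }}` the title is escaped first and then passed through `striptags` and `truncate`, neither of which marks its result safe as far as I know, so with autoescaping on the output would be escaped a second time and a title containing `&` would display as `&amp;`. Escaping last avoids that and keeps the 80-character limit counting visible characters: `{{ entry.title | striptags | truncate(80, true, '…') | e }}`. The same chain appears in _card_no_preview.html.twig and the second hunk of _card_preview.html.twig. The first hunk of _card_preview.html.twig instead uses `e | striptags | truncate(...) | raw`, where truncation can cut an entity such as `&amp;` in half and `raw` then emits the fragment.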
    - - {{ entry.title | raw | striptags | truncate(80, true, '…') }} + + {{ entry.title | e | raw | striptags | truncate(80, true, '…') }} diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig index b0e3c06de..d23be4d09 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig @@ -13,8 +13,8 @@ more_vert - - {{ entry.title| striptags | truncate(80, true, '…') | raw }} + + {{ entry.title | e | striptags | truncate(80, true, '…') | raw }} @@ -29,8 +29,8 @@
    clear - - {{ entry.title | raw | striptags | truncate(80, true, '…') }} + + {{ entry.title | e | raw | striptags | truncate(80, true, '…') }} diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig index a99bc4eae..15428b923 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig @@ -1,6 +1,6 @@ {% extends "WallabagCoreBundle::layout.html.twig" %} -{% block title %}{{ entry.title|raw }} ({{ entry.domainName|removeWww }}){% endblock %} +{% block title %}{{ entry.title|e|raw }} ({{ entry.domainName|removeWww }}){% endblock %} {% block body_class %}entry{% endblock %} @@ -209,7 +209,7 @@ {% block content %}
    -

    {{ entry.title|raw }}

    +

    {{ entry.title|e|raw }}