mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-08-01 14:10:37 +02:00
Code Issues Releases Wiki Activity

Fix XSS vulnerability

Browse Source
This commit is contained in:
David Wheatley
2021-06-06 02:41:48 +01:00
parent 571e9c95d3
commit 5ae2eb9f1e
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
framework/core/js/src/common/Translator.ts → framework/core/js/src/common/Translator.tsx
View File

@@ -48,12 +48,23 @@ export default class Translator {
// future there should be a hook here to inspect the user and change the // future there should be a hook here to inspect the user and change the
// translation key. This will allow a gender property to determine which // translation key. This will allow a gender property to determine which
// translation key is used. // translation key is used.
if ('user' in parameters) { if ('user' in parameters) {
const user = extract(parameters, 'user'); const user = extract(parameters, 'user');
if (!parameters.username) parameters.username = username(user); if (!parameters.username) parameters.username = username(user);
} }
return parameters;
const escapedParameters: TranslatorParameters = {};
for (const param in parameters) {
const paramValue = parameters[param];
if (typeof paramValue === 'string') escapedParameters[param] = <>{parameters[param]}</>;
else escapedParameters[param] = parameters[param];
}
return escapedParameters;
} }
trans(id: string, parameters: TranslatorParameters = {}) { trans(id: string, parameters: TranslatorParameters = {}) {