gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-10-10 11:02:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'seeddms-5.1.x' into seeddms-6.0.x

Browse Source
This commit is contained in:
Uwe Steinmann 2020-11-24 09:28:21 +01:00
commit a182717d4a
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG
View File

@ -196,6 +196,8 @@
- theme in configuration can override theme of user - theme in configuration can override theme of user
- saving the settings will no longer reenable an extention with no configuration - saving the settings will no longer reenable an extention with no configuration
- put a red/green bullet before the extension name in the settings - put a red/green bullet before the extension name in the settings
- escape value of dropfolderfile in input form field created by
SeedDMS_Bootstrap_Style::getDropFolderChooserHtml() (CVE-2020-2872)
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
Changes in version 5.1.20 Changes in version 5.1.20

2
views/bootstrap/class.Bootstrap.php
View File

@ -1850,7 +1850,7 @@ $(document).ready(function() {
function getDropFolderChooserHtml($formName, $dropfolderfile="", $showfolders=0) { /* {{{ */ function getDropFolderChooserHtml($formName, $dropfolderfile="", $showfolders=0) { /* {{{ */
$content = "<div class=\"input-append\">\n"; $content = "<div class=\"input-append\">\n";
$content .= "<input readonly type=\"text\" id=\"dropfolderfile".$formName."\" name=\"dropfolderfile".$formName."\" value=\"".$dropfolderfile."\">"; $content .= "<input readonly type=\"text\" id=\"dropfolderfile".$formName."\" name=\"dropfolderfile".$formName."\" value=\"".htmlspecialchars($dropfolderfile)."\">";
$content .= "<button type=\"button\" class=\"btn\" id=\"clearfilename".$formName."\"><i class=\"fa fa-remove\"></i></button>"; $content .= "<button type=\"button\" class=\"btn\" id=\"clearfilename".$formName."\"><i class=\"fa fa-remove\"></i></button>";
$content .= $this->getModalBoxLink( $content .= $this->getModalBoxLink(
array( array(