Commit

Merge pull request from GHSA-qg5r-95m4-mjgj
* Hotfix: Reflected XSS in Debug mode

* Added entry for the security issue GHSA-qg5r-95m4-mjgj to the CHANGELOG

* Update CHANGELOG.md

* Update CHANGELOG.md

---------

Co-authored-by: Alexander Makarov <sam@rmcreative.ru>
Antiphishing and samdark authored May 30, 2024
1 parent 628d406 commit f7baab1
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions framework/CHANGELOG.md
Expand Up @@ -27,6 +27,7 @@ Yii Framework 2 Change Log
- New #20137: Added `yii\caching\CallbackDependency` to allow using a callback to determine if a cache dependency is still valid (laxity7)
- Enh #20134: Raise minimum `PHP` version to `7.3` (@terabytesoftw)
- Bug #20141: Update `ezyang/htmlpurifier` dependency to version `4.17` (@terabytesoftw)
- CVE-2024-32877: Fixed Reflected XSS in Debug mode (Antiphishing)
- CVE-2024-4990: Fix Unsafe Reflection in base Component class (@mtangoo)
- Bug #19817: Add MySQL Query `addCheck()` and `dropCheck()` (@bobonov)
- Bug #20165: Adjust pretty name of closures for PHP 8.4 compatibility (@staabm)
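Review bot: the new `CVE-2024-32877` entry does not name the API that changed. Stating that `yii\web\ErrorHandler::htmlEncode()` now encodes single and double quotes would let applications that call or override that method judge the impact of upgrading. Minor style point on the same line: the neighbouring CVE entry uses "Fix" and an `@`-prefixed handle, while this one uses "Fixed" and a bare name.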
2 changes: 1 addition & 1 deletion framework/web/ErrorHandler.php
Expand Up @@ -181,7 +181,7 @@ protected function convertExceptionToArray($exception)
*/
public function htmlEncode($text)
{
return htmlspecialchars($text, ENT_NOQUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
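Review bot: the changed `return` in `htmlEncode()` ships without a regression test; the commit touches only `CHANGELOG.md` and `ErrorHandler.php`. Add a test asserting that `"` and `'` in the input come back as `&quot;` and `&apos;` (the forms `ENT_QUOTES | ENT_HTML5` produces), so a later flag change cannot silently restore the `ENT_NOQUOTES` behaviour. Since quote encoding only helps inside quoted attribute values, it is also worth confirming that the debug-mode views calling `htmlEncode()` never emit its result into an unquoted attribute.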