CVE-2023-30177: Fixed an XSS vulnerability. · craftcms/cms@00fb253

CraftCMS 3.7.59 is vulnerable to Cross-Site Scripting (XSS). An attacker can inject JavaScript code into the Volume Name.

craftcms / cms Public

Fixed an XSS vulnerability.

angrybrad committed

Feb 23, 2023

1 parent dea6a42 commit 00fb253

Showing 2 changed files with 2 additions and 1 deletion.

  • CHANGELOG.md
    • Asset.php

1 CHANGELOG.md

@@ -3,6 +3,7 @@

## Unreleased

- Fixed a bug where `craft\events\RegisterElementSourcesEvent::$context` wasn’t always set to `modal` when defining the available element sources for an element selection modal.

- Fixed a styling bug where multi-line checkbox labels within the Customize Sources modal weren’t wrapping properly. ([#12717](https://github.com/craftcms/cms/issues/12717))

- Fixed an XSS vulnerability.

## 3.7.67 - 2023-02-17
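
Review bot: The new entry "Fixed an XSS vulnerability." under Unreleased does not say what was affected, unlike the two entries above it, which name the event class or the modal involved. Suggest naming the affected area (the asset Location metadata, where the volume name is rendered) so that people reading the changelog can judge whether the fix applies to them.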

2 src/elements/Asset.php

@@ -1856,7 +1856,7 @@ protected function metadata(): array

return [

Craft::t('app’, ‘Location’) => function() use ($volume) {

$loc = [Craft::t('site’, $volume->name)];

$loc = [Html::encode(Craft::t('site’, $volume->name))];

if ($this->folderPath) {

array_push($loc, …ArrayHelper::filterEmptyStringsFromArray(explode('/’, $this->folderPath)));

}
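
Review bot: In the Location closure, Html::encode() is applied only to the first element of $loc (the translated volume name); the segments appended from $this->folderPath by array_push() go into the same array unencoded. If $loc is later joined and returned as raw HTML, which the need for this fix suggests, folder names would need the same treatment, so consider encoding every element of $loc before it is output, or confirm that folder names cannot contain markup. The commit also touches only CHANGELOG.md and Asset.php; a regression test that renders the metadata for an asset whose volume name contains markup would guard this line.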

Related news

GHSA-wv7j-rc2q-9j67: Cross Site Scripting in CraftCMS

CraftCMS prior to version 3.7.68 is vulnerable to Cross-Site Scripting (XSS). An attacker can inject JavaScript code into the Volume Name.
