From 445fbc5a31e9d7a21e76230e34bb2980db8f23d0 Mon Sep 17 00:00:00 2001 From: E99p1ant Date: Sat, 4 Jun 2022 20:20:24 +0800 Subject: [PATCH 1/3] =?UTF-8?q?issues:=20display=20issue=20poster=E2=80=99?= =?UTF-8?q?s=20`Name`=20instead=20of=20`DisplayName`?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- templates/repo/issue/list.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/repo/issue/list.tmpl b/templates/repo/issue/list.tmpl index 9aea699e951..6bfb2b33dbd 100644 --- a/templates/repo/issue/list.tmpl +++ b/templates/repo/issue/list.tmpl @@ -113,7 +113,7 @@ {{end}}
- {{$.i18n.Tr "repo.issues.opened_by" $timeStr .Poster.HomeLink .Poster.DisplayName | Safe}}
+ {{$.i18n.Tr "repo.issues.opened_by" $timeStr .Poster.HomeLink .Poster.Name | Safe}}
{{if .Milestone}}
{{.Milestone.Name | Sanitize}}
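Review bot: The `+` line still ends in `| Safe`, so the change relies entirely on `.Poster.Name` never containing markup, and nothing in this hunk shows that constraint. Swapping the field also changes what users see in the issue list, which the commit subject presents as the whole purpose without mentioning the security motivation. I would rather keep `DisplayName` and escape it at the point of output, and say in the commit message that this addresses unescaped output in the `repo.issues.opened_by` line.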
From 824f2b8be8f532d0a9cc52b424aaf5b022d35d72 Mon Sep 17 00:00:00 2001
From: E99p1ant
Date: Sat, 4 Jun 2022 23:24:13 +0800
Subject: [PATCH 2/3] sanitize display name
---
templates/repo/issue/list.tmpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/repo/issue/list.tmpl b/templates/repo/issue/list.tmpl
index 6bfb2b33dbd..13a44806c10 100644
--- a/templates/repo/issue/list.tmpl
+++ b/templates/repo/issue/list.tmpl
@@ -113,7 +113,7 @@
{{end}}
- {{$.i18n.Tr "repo.issues.opened_by" $timeStr .Poster.HomeLink .Poster.Name | Safe}}
+ {{$.i18n.Tr "repo.issues.opened_by" $timeStr .Poster.HomeLink .Poster.DisplayName | Sanitize | Safe}}
{{if .Milestone}}
{{.Milestone.Name | Sanitize}}
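Review bot: On the `+` line, `| Sanitize | Safe` is applied to the result of the whole `$.i18n.Tr ...` call, not to `.Poster.DisplayName` alone, because a template pipe passes the complete preceding command's output to the next one. That covers `.Poster.HomeLink` and the translated string as well, which is reasonable, but the subject "sanitize display name" understates it, and the link markup produced by `repo.issues.opened_by` now has to survive the sanitizer. Please confirm the rendered line still contains the poster link, add a template test with a display name containing HTML, and consider squashing this with patch 1 since it reverts the `Name` substitution made there.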
From dd24db53d72f73171e669e5434b731275298d06e Mon Sep 17 00:00:00 2001
From: E99p1ant
Date: Sat, 4 Jun 2022 23:26:29 +0800
Subject: [PATCH 3/3] update changelog
---
CHANGELOG.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e09a29cceab..e81c32b21be 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -23,6 +23,7 @@ All notable changes to Gogs are documented in this file.
### Fixed
- _Security:_ OS Command Injection in file editor. [#7000](https://github.com/gogs/gogs/issues/7000)
+- _Security:_ Sanitize `DisplayName` in repository issue list. [#7009](https://github.com/gogs/gogs/pull/7009)
- Unable to use LDAP authentication on ARM machines. [#6761](https://github.com/gogs/gogs/issues/6761)
- Unable to init repository during creation on Windows. [#6967](https://github.com/gogs/gogs/issues/6967)
- Mysterious panic on `Value not found for type *repo.HTTPContext`. [#6963](https://github.com/gogs/gogs/issues/6963)
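Review bot: The added entry names the fix ("Sanitize `DisplayName`") rather than the problem, while the entry directly above it names the vulnerability class ("OS Command Injection in file editor"). For a `_Security:_` line, readers deciding whether to upgrade need the impact, so I would reword it to state what unsanitized `DisplayName` output in the issue list allowed. The link also points at the pull request where the neighbouring entries link issues; if a tracking issue exists, link that for consistency.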