Release v0.9.3

Merge tag 'v0.9.3' into latest

Release v0.9.3
VirtualTam 2018-01-04 18:35:22 +01:00
commit 57e4a974f7
4 changed files with 12 additions and 4 deletions

@ -1,5 +1,5 @@
537 ArthurHoaro <arthur@hoa.ro>
252 VirtualTam <virtualtam@flibidi.net>
542 ArthurHoaro <arthur@hoa.ro>
255 VirtualTam <virtualtam@flibidi.net>
148 nodiscc <nodiscc@gmail.com>
56 Sébastien Sauvage <sebsauvage@sebsauvage.net>
15 Florian Eula <eula.florian@gmail.com>

@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/)
and this project adheres to [Semantic Versioning](http://semver.org/).
## [v0.9.3](https://github.com/shaarli/Shaarli/releases/tag/v0.9.3) - 2018-01-04
**XSS vulnerability fixed. Please update.**
### Security
- Fix an XSS (cross-site-scripting) vulnerability in `index.php`
## [v0.9.2](https://github.com/shaarli/Shaarli/releases/tag/v0.9.2) - 2017-10-07
**Major security issue fixed. Please update.**
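
Review bot: the Security entry under v0.9.3 names only `index.php`, which gives operators little to triage with. Going by the `index.php` hunk in this same commit, the affected input is the `username` parameter appended to the redirect after a failed login, and the fix is URL-encoding it; saying so in the entry would help. If an issue or advisory exists for this, link it here as well.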

@ -431,7 +431,7 @@ function ban_canLogin($conf)
else
{
ban_loginFailed($conf);
$redir = '&username='. $_POST['login'];
$redir = '&username='. urlencode($_POST['login']);
if (isset($_GET['post'])) {
$redir .= '&post=' . urlencode($_GET['post']);
foreach (array('description', 'source', 'title', 'tags') as $param) {
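
Review bot: on the `$redir = '&username='. urlencode($_POST['login']);` line, urlencode() only makes the value safe inside the redirect URL. PHP decodes it again when the next request reads the `username` query parameter, so the XSS named in the changelog stays closed only if that value is also HTML-escaped where it is rendered; please confirm the page the redirect leads to does that. None of the four changed files is a test, so a regression test that submits a login containing `<`, `"` and `&` and checks both the redirect URL and the rendered output would be worth adding.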

@ -1 +1 @@
<?php /* 0.9.2 */ ?>
<?php /* 0.9.3 */ ?>