Commit 0902a5cc authored by wroot's avatar wroot

OF-1165 fixed Stored Cross-Site Scripting vulnerability

parent 9df61650
......@@ -44,6 +44,11 @@
Search Plugin Changelog
</h1>
<p><b>1.7.1</b> -- July 24, 2016</p>
<ul>
<li>[<a href='https://issues.igniterealtime.org/browse/OF-1165'>OF-1165</a>] - Fixed Stored Cross-Site Scripting vulnerability.</li>
</ul>
<p><b>1.7.0</b> -- October 12, 2015</p>
<ul>
<li>[<a href='http://www.igniterealtime.org/issues/browse/OF-953'>OF-953</a>] - Updated JSP libraries.</li>
......
......@@ -5,8 +5,8 @@
<name>Search</name>
<description>Provides support for Jabber Search (XEP-0055)</description>
<author>Ryan Graham</author>
<version>1.7.0</version>
<date>10/12/2015</date>
<version>1.7.1</version>
<date>07/24/2016</date>
<minServerVersion>4.0.0</minServerVersion>
<adminconsole>
......
......@@ -164,7 +164,7 @@
<a href="../../user-properties.jsp?username=<%= URLEncoder.encode(user.getUsername(), "UTF-8") %>"><%= JID.unescapeNode(user.getUsername()) %></a>
</td>
<td width="33">
<%= user.getName() %> &nbsp;
<%= StringUtils.escapeHTMLTags(user.getName()) %> &nbsp;
</td>
<td width="15%">
<%= user.getCreationDate() != null ? JiveGlobals.formatDate(user.getCreationDate()) : "&nbsp;" %>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment