Commit 0902a5cc authored by wroot's avatar wroot

OF-1165 fixed Stored Cross-Site Scripting vulnerability

parent 9df61650
...@@ -44,6 +44,11 @@ ...@@ -44,6 +44,11 @@
Search Plugin Changelog Search Plugin Changelog
</h1> </h1>
<p><b>1.7.1</b> -- July 24, 2016</p>
<ul>
<li>[<a href='https://issues.igniterealtime.org/browse/OF-1165'>OF-1165</a>] - Fixed Stored Cross-Site Scripting vulnerability.</li>
</ul>
<p><b>1.7.0</b> -- October 12, 2015</p> <p><b>1.7.0</b> -- October 12, 2015</p>
<ul> <ul>
<li>[<a href='http://www.igniterealtime.org/issues/browse/OF-953'>OF-953</a>] - Updated JSP libraries.</li> <li>[<a href='http://www.igniterealtime.org/issues/browse/OF-953'>OF-953</a>] - Updated JSP libraries.</li>
......
...@@ -5,8 +5,8 @@ ...@@ -5,8 +5,8 @@
<name>Search</name> <name>Search</name>
<description>Provides support for Jabber Search (XEP-0055)</description> <description>Provides support for Jabber Search (XEP-0055)</description>
<author>Ryan Graham</author> <author>Ryan Graham</author>
<version>1.7.0</version> <version>1.7.1</version>
<date>10/12/2015</date> <date>07/24/2016</date>
<minServerVersion>4.0.0</minServerVersion> <minServerVersion>4.0.0</minServerVersion>
<adminconsole> <adminconsole>
......
...@@ -164,7 +164,7 @@ ...@@ -164,7 +164,7 @@
<a href="../../user-properties.jsp?username=<%= URLEncoder.encode(user.getUsername(), "UTF-8") %>"><%= JID.unescapeNode(user.getUsername()) %></a> <a href="../../user-properties.jsp?username=<%= URLEncoder.encode(user.getUsername(), "UTF-8") %>"><%= JID.unescapeNode(user.getUsername()) %></a>
</td> </td>
<td width="33"> <td width="33">
<%= user.getName() %> &nbsp; <%= StringUtils.escapeHTMLTags(user.getName()) %> &nbsp;
</td> </td>
<td width="15%"> <td width="15%">
<%= user.getCreationDate() != null ? JiveGlobals.formatDate(user.getCreationDate()) : "&nbsp;" %> <%= user.getCreationDate() != null ? JiveGlobals.formatDate(user.getCreationDate()) : "&nbsp;" %>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment