
Commit ccb38182 authored by Pierre-Alain Bandinelli's avatar Pierre-Alain Bandinelli

Fixing XSS bug by using what is recommended here...

Fixing XSS bug by using what is recommended here https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw
parent 4d21df86
+1 −1
7.2.3
7.2.4
+5 −2
@@ -239,7 +239,9 @@ class HtmlUtils
				$oWrapHtml->setAttribute($sKey, $sValue);
			}

			$oWrapDom = $oDom->createElement('div', '___xxx___');
			#$oWrapDom = $oDom->createElement('div', '___xxx___');
			$rand_str = base64_encode(random_bytes(32));
+     $oWrapDom = $oDom->createElement('div', $rand_str);
			$oWrapDom->setAttribute('data-x-div-type', 'body');
			foreach ($aBodylAttrs as $sKey => $sValue)
			{
@@ -250,7 +252,8 @@ class HtmlUtils

			$sWrp = $oDom->saveHTML($oWrapHtml);

			$sResult = \str_replace('___xxx___', $sResult, $sWrp);
			#$sResult = \str_replace('___xxx___', $sResult, $sWrp);
			$sResult = \str_replace($rand_str, $sResult, $sWrp);
		}

		$sResult = \str_replace(\MailSo\Base\HtmlUtils::$KOS, ':', $sResult);
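Review bot: The random placeholder removes the guessable `___xxx___` sentinel, but the new side keeps the old lines as comments (`#$oWrapDom = ...`, `#$sResult = ...`) and adds no comment saying why the token must be unpredictable; delete the commented-out lines and add, above the `$rand_str` assignment, `// placeholder must be unguessable: body attributes copied onto the wrapper are serialized into $sWrp before the substitution, so a predictable token could be planted by the message author`. The token's safety also relies on `saveHTML()` emitting it unchanged; base64 output contains `+`, `/` and `=`, which the libxml HTML serializer happens to leave alone, whereas `$rand_str = \bin2hex(\random_bytes(16));` is inert in every HTML and attribute context and makes that property obvious. `random_bytes()` throws when no CSPRNG source is available, which is an acceptable fail-closed outcome here but is now a new exception path out of this sanitizer that callers should be aware of. The `+` line also appears to use space indentation where the surrounding code uses tabs, though this may be an artifact of the rendered page. The enclosing method and the `if` block these hunks modify start before the first hunk, so the surrounding control flow was not reviewed.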
+1 −1
@@ -4,7 +4,7 @@
	<name>RainLoop</name>
	<summary>RainLoop Webmail</summary>
	<description>Simple, modern and fast web-based email client. After enabling in Nextcloud, go to Nextcloud admin panel, "Additionnal settings" and you will see a "Rainloop webmail" section. There, click on the link to go to the Rainloop admin panel. The default user/password is admin/12345. This version is based on Rainloop 1.16.0 (2021-05).</description>
	<version>7.2.3</version>
	<version>7.2.4</version>
	<licence>agpl</licence>
	<author>RainLoop Team, Nextgen-Networks, Tab Fitts, Nathan Kinkade, Pierre-Alain Bandinelli</author>
  <namespace>RainLoop</namespace>
+1 −1
7.2.3
7.2.4