[pmwiki-announce] PmWiki 2.2.137 released
Petko Yotov
5ko at 5ko.fr
Fri Feb 26 11:16:32 PST 2021
This is a quick update to 2.2.137 to fix a bug with entities
encoded twice in the quoted attributes.
https://www.pmwiki.org/pub/pmwiki/pmwiki-2.2.137.tgz
https://www.pmwiki.org/pub/pmwiki/pmwiki-2.2.137.zip
svn://www.pmwiki.org/pmwiki/tags/latest
Only pmwiki.php changed since 2.2.136.
Thanks,
Petko
On 26/02/2021 15:10, Petko Yotov wrote:
> Hello. PmWiki version 2.2.136 was published today, and is available at:
>
> https://www.pmwiki.org/pub/pmwiki/pmwiki-2.2.136.tgz
> https://www.pmwiki.org/pub/pmwiki/pmwiki-2.2.136.zip
> svn://www.pmwiki.org/pmwiki/tags/latest
>
> This version fixes a XSS vulnerability for WikiStyles reported today by
> Igor Sak-Sakovskiy.
>
> The fix adds a second argument $keep to the core function PQA($attr,
> $keep=true) which by default escapes HTML special characters and places
> the values in Keep() containers. If you have custom functions that call
> PQA() and expect the previous behavior, set the second argument to
> false.
>
> If you have any questions or difficulties, please let us know.
>
> Thanks,
> Petko
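
An added example, not part of the original messages and not PmWiki's own code: a simplified stand-in for an attribute-quoting helper, showing what escaping by default changes (the 2.2.136 behaviour described above) and how entities end up encoded twice (the symptom 2.2.137 addresses). The function name quote_attrs(), its parameters and the input string are assumptions made for illustration; Keep() containers are not modelled.

```php
<?php
// Simplified stand-in for an attribute-quoting helper. NOT PmWiki's PQA() source.
// quote_attrs(), $escape and $doubleEncode are hypothetical names for this example.
function quote_attrs(string $attr, bool $escape = true, bool $doubleEncode = false): string {
    $out = '';
    // Match name=value pairs; the value is "double-quoted", 'single-quoted' or bare.
    preg_match_all('/([a-zA-Z]+)\s*=\s*("[^"]*"|\'[^\']*\'|\S*)/', $attr, $m, PREG_SET_ORDER);
    foreach ($m as $a) {
        // Strip one pair of matching outer quotes, if present.
        $v = preg_replace('/^([\'"])(.*)\1$/s', '$2', $a[2]);
        if ($escape) {
            // ENT_QUOTES escapes both quote styles, so the value cannot close
            // the single-quoted attribute emitted below.
            $v = htmlspecialchars($v, ENT_QUOTES, 'UTF-8', $doubleEncode);
        }
        $out .= "{$a[1]}='$v' ";
    }
    return $out;
}

// Constructed input: an apostrophe, markup characters and an existing entity.
$input = 'title="Tom\'s <b>R&amp;D</b>"';

// 1. No escaping: the apostrophe ends the attribute early and the
//    angle brackets reach the page as markup.
echo quote_attrs($input, false), "\n";

// 2. Escaping with double encoding: safe, but the existing &amp; is
//    encoded a second time and displays wrongly.
echo quote_attrs($input, true, true), "\n";

// 3. Escaping without re-encoding existing entities: safe, and the
//    existing &amp; is left as it was.
echo quote_attrs($input, true, false), "\n";
```

Custom code that already escapes its values before quoting them is the case where the second and third calls differ, which is worth checking when upgrading recipes that call PQA().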