
Information disclosure vulnerability

pull/12302/head
brandonkelly 3 years ago
parent
commit
fe80ab31da
No known key found for this signature in database GPG Key ID: 5E86D0CED64C7093
  1. 4
      CHANGELOG.md
  2. 22
      src/web/twig/Extension.php

4
CHANGELOG.md

@ -1,5 +1,9 @@
# Release Notes for Craft CMS 3.x
## Unreleased
- Fixed an information disclosure vulnerability.
## 3.7.59 - 2022-10-27
- Asset folder and file names are now converted to ASCII using the primary site’s language for character mappings, regardless of the current user’s preferred language, when the `convertFilenamesToAscii` config setting is enabled. ([#12207](https://github.com/craftcms/cms/discussions/12207))

22
src/web/twig/Extension.php

@ -55,6 +55,7 @@ use DateInterval;
use DateTime;
use DateTimeInterface;
use DateTimeZone;
use Traversable;
use Twig\Environment as TwigEnvironment;
use Twig\Error\RuntimeError;
use Twig\Extension\AbstractExtension;
@ -268,6 +269,7 @@ class Extension extends AbstractExtension implements GlobalsInterface
new TwigFilter('replace', [$this, 'replaceFilter']),
new TwigFilter('rss', [$this, 'rssFilter'], ['needs_environment' => true]),
new TwigFilter('snake', [$this, 'snakeFilter']),
new TwigFilter('sort', [$this, 'sortFilter'], ['needs_environment' => true]),
new TwigFilter('time', [$this, 'timeFilter'], ['needs_environment' => true]),
new TwigFilter('timestamp', [$this, 'timestampFilter']),
new TwigFilter('translate', [$this, 'translateFilter']),
@ -476,6 +478,26 @@ class Extension extends AbstractExtension implements GlobalsInterface
return StringHelper::toSnakeCase((string)$string);
}
/**
* Sorts an array.
*
* @param TwigEnvironment $env
* @param array|Traversable $array
* @param string|callable|null $arrow
* @return array
* @throws RuntimeError
* @since 3.7.60
*/
public function sortFilter(TwigEnvironment $env, $array, $arrow = null): array
{
if (strtolower($arrow) === 'system') {
throw new RuntimeError('The sort filter doesn\'t support sorting by system().');
}
return twig_sort_filter($env, $array, $arrow);
}
/**
* Formats the value as a currency number.
*
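Review bot: The guard in `sortFilter` rejects exactly one string, `'system'`, so any other string or array callable supplied as `$arrow` is still passed through to `twig_sort_filter()`; a one-name denylist is a weak boundary for template-supplied input. A type allowlist is sturdier, e.g. `if ($arrow !== null && !$arrow instanceof \Closure) { throw new RuntimeError('The sort filter only supports arrow functions.'); }`, assuming templates are only meant to pass Twig arrow functions here. Separately, `strtolower($arrow)` runs on every value the docblock allows (`string|callable|null`), and on PHP 8 a Closure argument raises a TypeError, so the comparison should at least be gated with `is_string($arrow)`. Other filters that accept a callable are not visible in this section and may need the same check.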
