Merge remote-tracking branch 'origin/MAGETWO-45292-XSS-Payload-in-websites-translation-table' into RC1-bugfixes

Eugene Tulika · Eugene Tulika · commit 32e5e5f492fa · 2015-11-11T21:07:30.000-06:00
diff --git a/app/code/Magento/Translation/Model/ResourceModel/StringUtils.php b/app/code/Magento/Translation/Model/ResourceModel/StringUtils.php
@@ -210,6 +210,7 @@ public function saveTranslate($string, $translate, $locale = null, $storeId = nu
     {
         $connection = $this->getConnection();
         $table = $this->getMainTable();
+        $translate = htmlspecialchars($translate, ENT_QUOTES);
 
         if ($locale === null) {
             $locale = $this->_localeResolver->getLocale();

Original file line number	Diff line number	Diff line change
`@@ -210,6 +210,7 @@ public function saveTranslate($string, $translate, $locale = null, $storeId = nu`
`210`	`210`	`{`
`211`	`211`	`$connection = $this->getConnection();`
`212`	`212`	`$table = $this->getMainTable();`
	`213`	`+ $translate = htmlspecialchars($translate, ENT_QUOTES);`
`213`	`214`
`214`	`215`	`if ($locale === null) {`
`215`	`216`	`$locale = $this->_localeResolver->getLocale();`