Fix XSS in the cronjob's error message in cronjobLogList
author Tim Düsterhus <duesterhus@woltlab.com>
Thu, 17 Mar 2022 08:10:12 +0000 (09:10 +0100)
committer Tim Düsterhus <duesterhus@woltlab.com>
Thu, 17 Mar 2022 08:10:12 +0000 (09:10 +0100)

This can happen if untrusted information, such as the HTTP response body for a
failed Guzzle request, is embedded into the error message.

Thanks to @SoftCreatR for responsibly reporting the issue.

wcfsetup/install/files/acp/templates/cronjobLogList.tpl

index 3c86a6e744d310ba7c4c0d40b4a79cc8138db2f8..bb2bb40be914f67e9e533ae051298995288c5050 100644 (file)
@@ -65,7 +65,7 @@
                                                                <span class="badge green">{lang}wcf.acp.cronjob.log.success{/lang}</span>
                                                        {elseif $cronjobLog->error}
                                                                <a class="badge red jsTooltip jsCronjobError" title="{lang}wcf.acp.cronjob.log.error.showDetails{/lang}">{lang}wcf.acp.cronjob.log.error{/lang}</a>
-                                                               <span style="display: none">{@$cronjobLog->error}</span>
+                                                               <span style="display: none">{$cronjobLog->error}</span>
                                                        {/if}
                                                </td>
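
Review bot: the escaped `{$cronjobLog->error}` in the hidden span is only safe if the script attached to `jsCronjobError` keeps treating that content as text, and that consumer is not part of this hunk. Please confirm the details view copies the span's markup as-is or assigns it as text, rather than reading the decoded text and inserting it as HTML, which would undo the escaping added here. Since the commit message names embedded HTTP response bodies as the source, it is also worth checking whether any other template prints `$cronjobLog->error` with the `{@` modifier.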