From 32463101f0d8e8ea5febe376c26e3849815bd333 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Thu, 17 Mar 2022 09:10:12 +0100
Subject: [PATCH] Fix XSS in the cronjob's error message in cronjobLogList

This can happen if untrusted information, such as the HTTP response body for a failed Guzzle request, is embedded into the error message. Thanks to @SoftCreatR for responsibly reporting the issue.
---
 wcfsetup/install/files/acp/templates/cronjobLogList.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/acp/templates/cronjobLogList.tpl b/wcfsetup/install/files/acp/templates/cronjobLogList.tpl
index 3c86a6e744..bb2bb40be9 100644
--- a/wcfsetup/install/files/acp/templates/cronjobLogList.tpl
+++ b/wcfsetup/install/files/acp/templates/cronjobLogList.tpl
@@ -65,7 +65,7 @@
 {lang}wcf.acp.cronjob.log.success{/lang}
 {elseif $cronjobLog->error}
 {lang}wcf.acp.cronjob.log.error{/lang}
- {@$cronjobLog->error}
+ {$cronjobLog->error}
 {/if}
-- 
2.20.1
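Review bot: The new `{$cronjobLog->error}` line carries no comment saying why the value must stay HTML-encoded, so a later edit that wants formatted error text could bring back the `{@` form and the XSS with it. I would add a template comment directly above it, e.g. `{* error may contain untrusted data (e.g. a remote HTTP response body); always output it encoded, never with {@ *}`. Encoding at output looks like the right layer, since it presumably also covers log entries that were stored before this fix. Only cronjobLogList.tpl is visible in this patch, so any other template or notification that prints the same error field should be checked for the same unencoded output.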