Scrub user data in User->update()

Fixes another persistent XSS vulnerability.
author: Paul Arthur <paul.arthur@flowerysong.com> 2013-02-07 16:34:21 -0500
committer: Paul Arthur <paul.arthur@flowerysong.com> 2013-02-07 16:36:44 -0500
commit: 453a161a78acf07926a9ad7a8afef7cb07b23e7b (patch)
tree: 17bc28a2fc5bb437ae5bcf3a049c24102c2903eb /docs
parent: 266f7cea9bd51df298cc45fbb8abb39a1375acd2 (diff)
download: ampache-453a161a78acf07926a9ad7a8afef7cb07b23e7b.tar.gz
ampache-453a161a78acf07926a9ad7a8afef7cb07b23e7b.tar.bz2
ampache-453a161a78acf07926a9ad7a8afef7cb07b23e7b.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/docs/CHANGELOG b/docs/CHANGELOG
index 82ffa1a6..6d4fba04 100755
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -4,6 +4,8 @@
 
 --------------------------------------------------------------------------
   v.3.6-FUTURE
+    - Fixed persistent XSS vulnerability in user self-editing (reported by
+        Jean-Lou Hau)
     - Fixed persistent XSS vulnerabilities in AJAX object editing (reported by
         Jean-Lou Hau)
     - Fixed character set detection for ID3v1 tags
author	Paul Arthur <paul.arthur@flowerysong.com>	2013-02-07 16:34:21 -0500
committer	Paul Arthur <paul.arthur@flowerysong.com>	2013-02-07 16:36:44 -0500
commit	453a161a78acf07926a9ad7a8afef7cb07b23e7b (patch)
tree	17bc28a2fc5bb437ae5bcf3a049c24102c2903eb /docs
parent	266f7cea9bd51df298cc45fbb8abb39a1375acd2 (diff)
download	ampache-453a161a78acf07926a9ad7a8afef7cb07b23e7b.tar.gz ampache-453a161a78acf07926a9ad7a8afef7cb07b23e7b.tar.bz2 ampache-453a161a78acf07926a9ad7a8afef7cb07b23e7b.zip