From 7238c430181d8d73ce372ae7020f88befb428503 Mon Sep 17 00:00:00 2001
From: riking <rikingcoding@gmail.com>
Date: Fri, 8 May 2015 19:28:04 -0700
Subject: [PATCH] SECURITY: XSS in poll errors dialog

---
 plugins/poll/plugin.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/plugins/poll/plugin.rb b/plugins/poll/plugin.rb
index ead1b6122..3808e0aaa 100644
--- a/plugins/poll/plugin.rb
+++ b/plugins/poll/plugin.rb
@@ -220,7 +220,7 @@ after_initialize do
       if polls.has_key?(poll["name"])
         poll["name"] == DEFAULT_POLL_NAME ?
           self.errors.add(:base, I18n.t("poll.multiple_polls_without_name")) :
-          self.errors.add(:base, I18n.t("poll.multiple_polls_with_same_name", name: poll["name"]))
+          self.errors.add(:base, I18n.t("poll.multiple_polls_with_same_name", name: ERB::Util.html_escape(poll["name"])))
         return
       end
 
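Review bot: The `ERB::Util.html_escape(poll["name"])` call on the added line is duplicated verbatim in every error branch that interpolates the poll name, so a validation added to this method later can easily omit it and reintroduce the injection. Escape once where the poll is picked up, `name = ERB::Util.html_escape(poll["name"])`, and pass `name: name` in each message, keeping the raw `poll["name"]` for the `DEFAULT_POLL_NAME` comparison and the `polls.has_key?` lookup so the duplicate-name check itself is unaffected. The enclosing loop starts before this hunk, so the right spot for that assignment is not visible here. `ERB::Util` is only in scope if `erb` has been loaded (Rails does this); a plugin file evaluated on its own would need `require 'erb'`.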
@@ -228,7 +228,7 @@ after_initialize do
       if poll["options"].map { |o| o["id"] }.uniq.size != poll["options"].size
         poll["name"] == DEFAULT_POLL_NAME ?
           self.errors.add(:base, I18n.t("poll.default_poll_must_have_different_options")) :
-          self.errors.add(:base, I18n.t("poll.named_poll_must_have_different_options", name: poll["name"]))
+          self.errors.add(:base, I18n.t("poll.named_poll_must_have_different_options", name: ERB::Util.html_escape(poll["name"])))
         return
       end
 
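Review bot: Escaping at the point the error is added encodes the name for one sink only: the message is stored HTML-escaped in `errors`, so any consumer that treats `errors.full_messages` as plain text (a JSON client setting `textContent`, a log line) will show `&lt;script&gt;` instead of the name. That is the safer failure mode, but the durable fix is to escape in whatever renders the errors dialog as HTML and keep the model's messages plain. If that rendering path is outside the plugin's control, leave a comment at the add site such as `# poll name is user-controlled and the errors dialog renders messages as HTML` so the reason for escaping only this interpolation survives the next refactor.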
@@ -236,7 +236,7 @@ after_initialize do
       if poll["options"].size < 2
         poll["name"] == DEFAULT_POLL_NAME ?
           self.errors.add(:base, I18n.t("poll.default_poll_must_have_at_least_2_options")) :
-          self.errors.add(:base, I18n.t("poll.named_poll_must_have_at_least_2_options", name: poll["name"]))
+          self.errors.add(:base, I18n.t("poll.named_poll_must_have_at_least_2_options", name: ERB::Util.html_escape(poll["name"])))
         return
       end
 
@@ -244,7 +244,7 @@ after_initialize do
       if poll["options"].size > SiteSetting.poll_maximum_options
         poll["name"] == DEFAULT_POLL_NAME ?
           self.errors.add(:base, I18n.t("poll.default_poll_must_have_less_options", max: SiteSetting.poll_maximum_options)) :
-          self.errors.add(:base, I18n.t("poll.named_poll_must_have_less_options", name: poll["name"], max: SiteSetting.poll_maximum_options))
+          self.errors.add(:base, I18n.t("poll.named_poll_must_have_less_options", name: ERB::Util.html_escape(poll["name"]), max: SiteSetting.poll_maximum_options))
         return
       end