Merge pull request #1376 from TencentBlueKing/v2.6.x_develop

release: 2.6.28
TencentBlueKing · Aug 8, 2024 · 94c5750 · 94c5750
2 parents 48160aa + 5e6b9d6
commit 94c5750
Show file tree

Hide file tree

Showing 12 changed files with 30 additions and 11 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-2.6.26
+2.6.28
diff --git a/app.yml b/app.yml
@@ -5,7 +5,7 @@ author: 蓝鲸智云
 category: 办公应用
 introduction: 流程服务是蓝鲸推出的轻量级ITSM，通过可自定义设计的流程模块，覆盖IT服务中的不同管理活动或应用场景。帮助企业用户规范内部管理流程，提升沟通及管理效率。
 introduction_en: bk_itsm is a lightweight ITSM created by Blueking. It covers different application scenarios in IT services through customizable workflows and help enterprise users to implement standardize IT workflow, improve communication and management efficiency.
-version: 2.6.26
+version: 2.6.28
 language: python
 is_use_celery: True
 is_use_celery_with_gevent: False

diff --git a/app_desc.yaml b/app_desc.yaml
@@ -1,5 +1,5 @@
 spec_version: 2
-app_version: "2.6.26"
+app_version: "2.6.28"
 app:
     region: default
     bk_app_code: bk_itsm

diff --git a/common/utils.py b/common/utils.py
@@ -22,7 +22,7 @@
 WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 """
-
+import re
 
 # 开发框架公用方法
 # 1. 页面输入内容转义（防止xss攻击）
@@ -89,3 +89,7 @@ def texteditor_escape(str_escape):
 def cmp(a, b):
     """适配py2的cmp方法"""
     return (a > b) - (a < b)
+
+
+def strip_tags(value):
+    return re.sub(r'<[^>]*?>', '', value)
diff --git a/config/default.py b/config/default.py
@@ -957,4 +957,4 @@ def redirect_func(request):
 
 # 公共配置
 BK_SHARED_RES_URL = os.getenv("BKPAAS_SHARED_RES_URL") or os.getenv("BKAPP_SHARED_RES_URL")
-BK_PLATFORM_NAME = os.getenv("BKAPP_PLATFORM_NAME", "Tencent BlueKing")
+BK_PLATFORM_NAME = os.getenv("BKAPP_PLATFORM_NAME", "")
diff --git a/docs/RELEASE.md b/docs/RELEASE.md
@@ -1,4 +1,11 @@
 # Changelog
+## [Version: 2.6.28] - 2024-08-08
+【修复】修复表单提交XSS漏洞
+
+## [Version: 2.6.27] - 2024-08-07
+【优化】项目初始化时登录为全屏模式  
+【优化】项目标题title规范调整  
+
 ## [Version: 2.6.26] - 2024-07-22
 【修复】修复接口数值为 0 导致流程异常的问题  
 【修复】修复apigw初始化异常的问题  

diff --git a/docs/RELEASE_EN.md b/docs/RELEASE_EN.md
@@ -1,4 +1,12 @@
 # Changelog
+## [Version: 2.6.28] - 2024-08-08
+【Fixed】Fix the XSS vulnerability in form submission.
+
+## [Version: 2.6.27] - 2024-08-07
+【Improved】Login in Full-Screen Mode during Project Initialization  
+【Improved】Project Title Specification Adjustment  
+
+
 ## [Version: 2.6.26] - 2024-07-22
 【Fixed】Fix the issue where an interface value of 0 causes process abnormalities.  
 【Fixed】Fix the initialization exception of apigw.  

diff --git a/frontend/pc/src/i18n/lang/en.js b/frontend/pc/src/i18n/lang/en.js
@@ -2691,5 +2691,5 @@ export const m = {
   ':': ':',
   '单据已由processor处理,您无需操作': 'The ticket has been processed by {processor} and you do not need to operate',
   我知道了: 'I See',
-  蓝鲸: 'BlueKing',
+  蓝鲸智云: 'Tencent BlueKing',
 };
diff --git a/frontend/pc/src/i18n/lang/zh.js b/frontend/pc/src/i18n/lang/zh.js
@@ -2763,5 +2763,5 @@ export const m = {
   ':': ':',
   '单据已由processor处理,您无需操作': '单据已由{processor}处理,您无需操作',
   我知道了: '我知道了',
-  蓝鲸: '蓝鲸',
+  蓝鲸智云: '蓝鲸智云',
 };
diff --git a/frontend/pc/src/store/index.js b/frontend/pc/src/store/index.js
@@ -271,7 +271,7 @@ export default new Vuex.Store({
     platformInfo: { // 项目全局配置
       favicon: `${window.SITE_URL}static/core/images/bk_itsm.png`,
       name: window.log_name || i18n.t('m[\'流程服务\']'),
-      brandName: window.BK_PLATFORM_NAME || i18n.t('m[\'蓝鲸\']'),
+      brandName: window.BK_PLATFORM_NAME || i18n.t('m[\'蓝鲸智云\']'),
       version: window.VERSION,
       i18n: {}
     },

diff --git a/frontend/pc/src/utils/ajax.js b/frontend/pc/src/utils/ajax.js
@@ -85,7 +85,7 @@ instance.interceptors.response.use(
         let [loginUrl] = login_url.split('?');
         loginUrl = `${loginUrl}?c_url=${encodeURIComponent(successUrl)}`;
 
-        showLoginModal({ loginUrl });
+        window.open(loginUrl, '_self');
         return;
       }
       if ('IS_ITSM_ADMIN' in response.data.data) {

diff --git a/itsm/ticket/models/ticket.py b/itsm/ticket/models/ticket.py
@@ -3082,8 +3082,8 @@ def fill_state_fields(self, fields):
         filter_field_query_set = self.fields.filter(key__in=fields_map.keys())
         for ticket_field in filter_field_query_set:
             ticket_field.value = fields_map[ticket_field.key]["value"]
-            # 针对富文本类型进行 xss 过滤 
-            if ticket_field.type in XSS_FIELD_TYPE:
+            # 针对字符串类型进行 xss 过滤 
+            if isinstance(ticket_field.value, str):
                 ticket_field.value = texteditor_escape(ticket_field.value)
 
             ticket_field.choice = fields_map[ticket_field.key].get("choice", [])