From b09be69058e7d3a62e00b985f5f4b8d96b070efa Mon Sep 17 00:00:00 2001
From: Thomas Steur <thomas.steur@gmail.com>
Date: Tue, 28 Jul 2015 08:28:00 +0000
Subject: [PATCH] added changelog entry, encode some params just to be sure to prevent xss
---
 CHANGELOG.md | 1 +
 .../angularjs/reporting-menu/reportingmenu.controller.js | 8 +++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index caa2b2ebc0..8da1e313cb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ This is a changelog for Piwik platform developers. All changes for our HTTP API'
 * The method `Piwik\Plugin\Menu::configureReportingMenu` has been removed. To add something to the reporting menu you need to create widgets
 * The method `Report::configureWidget()`, `Report::getWidgetTitle()` and `Report::configureReportingMenu()` have been removed, use the new method `Report::configureWidgets()` instead.
 * The method `Report::getCategory()` does no longer return the translated category but the translation key of the category
+* The property `Report::$category` has been renamed to `Report::$categoryId`
 * The methods `Report::factory()`, `Report::getAllReportClasses()`, `Report::getAllReports` have been moved to the `Piwik\Plugin\Reports` class.
 * The properties `Report::$widgetTitle`, `Report::$widgetParams` and `Report::$menuTitle` were removed, use the method `Report::configureWidgets()` to create widgets instead
 * In the HTTP API methods `Dashboard.getDefaultDashboard` and `Dashboard.getUserDashboards` we do no longer remove not existing widgets as it is up to the client which widgets actually exist
diff --git a/plugins/CoreHome/angularjs/reporting-menu/reportingmenu.controller.js b/plugins/CoreHome/angularjs/reporting-menu/reportingmenu.controller.js
index 85dc0f17c5..6e3a21e851 100644
--- a/plugins/CoreHome/angularjs/reporting-menu/reportingmenu.controller.js
+++ b/plugins/CoreHome/angularjs/reporting-menu/reportingmenu.controller.js
@@ -86,7 +86,13 @@ var segment = getUrlParam('segment'); $scope.makeUrl = function (category, subcategory) { - var url = 'idSite=' + idSite + '&period=' + period + '&date=' + date + '&category=' + category.id + '&subcategory=' + subcategory.id; + + var url = 'idSite=' + encodeURIComponent(idSite); + url += '&period=' + encodeURIComponent(period); + url += '&date=' + encodeURIComponent(date); + url += '&category=' + encodeURIComponent(category.id); + url += '&subcategory=' + encodeURIComponent(subcategory.id); + if (segment) { url+= '&segment='+ segment; } -- GitLab
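Review bot: `segment` is still appended raw in the unchanged `url+= '&segment='+ segment;` line, even though it comes from `getUrlParam('segment')` just like the values this change now encodes, so it remains the one URL-sourced parameter that can carry `&`, `#` or quote characters into the built query string. If `getUrlParam` returns a decoded value, the line should become `url += '&segment=' + encodeURIComponent(segment);`. If it returns the still-encoded value (not visible here), encoding again would double-encode it, and the exception deserves a comment such as `// segment is kept exactly as read from the URL (already encoded); do not encode it again`. Percent-encoding only keeps values from breaking out of their query parameter, so whether the result is XSS-safe also depends on how the template binds the return value of `makeUrl`, which, like the rest of the function body, lies outside this hunk.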