From 34f581573b16a07439949cfe099e10a97363975e Mon Sep 17 00:00:00 2001
From: Kijin Sung
Date: Mon, 30 Mar 2015 14:00:23 +0900
Subject: [PATCH 1/2] =?UTF-8?q?=ED=99=95=EC=9E=A5=EB=B3=80=EC=88=98?= =?UTF-8?q?=EB=A5=BC=20=EC=9D=B4=EC=9A=A9=ED=95=9C=20XSS=20=EA=B3=B5?= =?UTF-8?q?=EA=B2=A9=20=EA=B0=80=EB=8A=A5=EC=84=B1=20=EC=B0=A8=EB=8B=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 classes/extravar/Extravar.class.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/classes/extravar/Extravar.class.php b/classes/extravar/Extravar.class.php
index ed15074c5..7438db2b9 100644
--- a/classes/extravar/Extravar.class.php
+++ b/classes/extravar/Extravar.class.php
@@ -225,6 +225,11 @@ class ExtraItem
 					$values = explode(',', $value);
 				}
 
+				$values = array_values($values);
+				for($i = 0, $c = count($values); $i < $c; $i++)
+				{
+					$values[$i] = trim(htmlspecialchars($values[$i], ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
+				}
 				return $values;
 
 			case 'checkbox' :
@@ -247,11 +252,11 @@ class ExtraItem
 					$values = array($value);
 				}
 
+				$values = array_values($values);
 				for($i = 0, $c = count($values); $i < $c; $i++)
 				{
 					$values[$i] = trim(htmlspecialchars($values[$i], ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
 				}
-
 				return $values;
 
 			case 'kr_zip' :
@@ -268,6 +273,11 @@ class ExtraItem
 					$values = array($value);
 				}
 
+				$values = array_values($values);
+				for($i = 0, $c = count($values); $i < $c; $i++)
+				{
+					$values[$i] = trim(htmlspecialchars($values[$i], ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
+				}
 				return $values;
 
 			//case 'date' :

From 2e53b6ac79b0399eccb214aab81af27515b3fbc3 Mon Sep 17 00:00:00 2001
From: bnu
Date: Mon, 30 Mar 2015 14:18:47 +0900
Subject: [PATCH 2/2] version up to 1.7.13

---
 config/config.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/config.inc.php b/config/config.inc.php
index 4b38f56cd..2bfb306d5 100644
--- a/config/config.inc.php
+++ b/config/config.inc.php
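Review bot: All three added escaping loops pass `ENT_COMPAT`, which converts `"` but leaves `'` untouched, so a value that a template later places inside a single-quoted attribute or an inline-script string could still break out of it; `ENT_QUOTES | ENT_HTML401` closes that gap and is the safer choice for a sanitiser whose output context is not known at this point. Without `ENT_SUBSTITUTE`, `htmlspecialchars()` returns an empty string when a value contains an invalid UTF-8 sequence, so such input is silently dropped instead of being kept with the bad bytes replaced by U+FFFD. The same five lines now appear verbatim in the first hunk, the `checkbox` branch and the third hunk; a private helper that does `array_values()`, escape and `trim()` once would leave the flag set with a single point of change. Other branches of this switch lie outside the hunks, so whether they return unescaped values cannot be judged from this patch, and the enclosing method starts and ends outside the hunks.
```php
	/**
	 * Re-index $values and return each entry escaped for an HTML context and trimmed.
	 * Both quote characters are converted; invalid UTF-8 is replaced rather than emptying the value.
	 * @param array $values
	 * @return array
	 */
	private function escapeValues(array $values)
	{
		$values = array_values($values);
		for($i = 0, $c = count($values); $i < $c; $i++)
		{
			$values[$i] = trim(htmlspecialchars($values[$i], ENT_QUOTES | ENT_HTML401 | ENT_SUBSTITUTE, 'UTF-8', false));
		}
		return $values;
	}

	// … unchanged: rest of the class …
	// each of the three escaping sites then collapses to:
				return $this->escapeValues($values);
```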
@@ -29,7 +29,7 @@ define('__ZBXE__', __XE__);
 /**
  * Display XE's full version.
  */
-define('__XE_VERSION__', '1.7.12');
+define('__XE_VERSION__', '1.7.13');
 define('__XE_VERSION_ALPHA__', (stripos(__XE_VERSION__, 'alpha') !== false));
 define('__XE_VERSION_BETA__', (stripos(__XE_VERSION__, 'beta') !== false));
 define('__XE_VERSION_RC__', (stripos(__XE_VERSION__, 'rc') !== false));