From 993104f27621eea45fcec0a54ac0d43cd91f6782 Mon Sep 17 00:00:00 2001
From: Steve Boyd
Date: Thu, 23 May 2019 09:55:57 +1200
Subject: [PATCH 1/2] Check Subsite class exists before checking SubsiteID
---
 code/services/QueuedJobService.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/code/services/QueuedJobService.php b/code/services/QueuedJobService.php
index 355aac97..7a92664d 100644
--- a/code/services/QueuedJobService.php
+++ b/code/services/QueuedJobService.php
@@ -559,7 +559,7 @@ public function runJob($jobId) {
 // have we stalled at all?
 $stallCount = 0;
- if ($job->SubsiteID && class_exists('Subsite')) {
+ if (class_exists('Subsite') && $job->SubsiteID) {
 Subsite::changeSubsite($job->SubsiteID);
 // lets set the base URL as far as Director is concerned so that our URLs are correct
From 45b627801aaedd236e94f47d4a24e6e4b8285920 Mon Sep 17 00:00:00 2001
From: Steve Boyd
Date: Wed, 3 Mar 2021 17:38:23 +1300
Subject: [PATCH 2/2] [CVE-2021-27938] Prevent echoing request variable
---
 code/tasks/CreateQueuedJobTask.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/code/tasks/CreateQueuedJobTask.php b/code/tasks/CreateQueuedJobTask.php
index ca486c86..46cc7832 100644
--- a/code/tasks/CreateQueuedJobTask.php
+++ b/code/tasks/CreateQueuedJobTask.php
@@ -38,7 +38,7 @@ public function run($request) {
 $now = time();
 if ($start >= $now) {
 $friendlyStart = date('Y-m-d H:i:s', $start);
- echo "Job ".$request['name']. " queued to start at: ".$friendlyStart."";
+ echo 'Job queued to start at: ' . $friendlyStart . '';
 singleton('QueuedJobService')->queueJob($job, $start);
 } else {
 echo "'start' parameter must be a date/time in the future, parseable with strtotime";
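Review bot: In the `CreateQueuedJobTask::run()` hunk the success message is still printed before `singleton('QueuedJobService')->queueJob($job, $start);` runs, so if queueing throws, the output has already claimed the job was queued; moving the echo below the call keeps the message truthful. The trailing `. ''` on the new echo line concatenates an empty string and can be dropped: `echo 'Job queued to start at: ' . $friendlyStart;`. Dropping `$request['name']` removes the reflected value from the response; if the job name is wanted back in the message, it should pass through `htmlspecialchars($request['name'], ENT_QUOTES, 'UTF-8')` rather than raw concatenation. `run()` begins and ends outside this hunk, so any other use of `$request` in it is not visible here and is worth checking the same way.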