github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-07-05 12:36:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Additional rXSS fix / closes #1558

Browse source
This commit is contained in:
Serghey Rodin 2018-05-16 17:23:04 +03:00
parent e62432e672
commit c80c4c472e
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
web/view/file/index.php
View file

@ -13,10 +13,10 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
}
if (!empty($_REQUEST['path'])) {
$path = $_REQUEST['path'];
$path = htmlspecialchars($_REQUEST['path'], ENT_QUOTES, 'UTF-8');
if (!empty($_REQUEST['raw'])) {
header('content-type: image/jpeg');
passthru (VESTA_CMD . "v-open-fs-file " . $user . " " . escapeshellarg(htmlspecialchars($_REQUEST['path'], ENT_QUOTES, 'UTF-8')));
passthru (VESTA_CMD . "v-open-fs-file " . $user . " " . escapeshellarg($path));
exit;
}
}