github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-19 13:01:51 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix xss / GH-2252

Browse source 
ref https://github.com/serghey-rodin/vesta/issues/2252
This commit is contained in:
divinity76 2022-07-23 09:26:16 +02:00 committed by GitHub
commit 0682f7b10c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
web/api/v1/upload/UploadHandler.php
View file

@ -1191,6 +1191,13 @@ class UploadHandler
)); ));
} }
} }
if(!headers_sent()){
// this is the most likely/expected path.
header("Content-Type: text/javascript; charset=UTF-8");
} else {
// html-encode json to prevent xss...
$json = htmlentities($json, ENT_QUOTES | ENT_SUBSTITUTE | ENT_DISALLOWED | ENT_HTML401);
}
$this->body($json); $this->body($json);
} }
return $content; return $content;