Merge pull request #2258 from divinity76/patch-5

fix xss / GH-2252
Anton Reutov 2022-07-27 13:46:51 +03:00 committed by GitHub
commit 51e468c22f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -1191,6 +1191,13 @@ class UploadHandler
)); ));
} }
} }
if(!headers_sent()){
// this is the most likely/expected path.
header("Content-Type: application/json");
} else {
// html-encode json to prevent xss...
$json = htmlentities($json, ENT_QUOTES | ENT_SUBSTITUTE | ENT_DISALLOWED | ENT_HTML401);
}
$this->body($json); $this->body($json);
} }
return $content; return $content;
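Review bot: The `else` branch (headers already sent) entity-encodes the payload, so the body is no longer valid JSON; the client will fail to parse it and nothing on the server records why. That path is only reached when something emitted output before this method ran, so it is worth logging where, e.g. `headers_sent($file, $line)` followed by `error_log("UploadHandler: output started at $file:$line, JSON response was HTML-encoded");`. On the normal path, adding `header('X-Content-Type-Options: nosniff');` next to the Content-Type header would stop browsers from sniffing the JSON as HTML. The enclosing method starts before the hunk, so whether an earlier call already sets a content type is not visible here.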