composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-04-24 11:08:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

N°3949 - Fix XSS vulnerability on file attribute

Browse Source
This commit is contained in:
Molkobain
2021-05-10 10:23:56 +02:00
parent dc36b4648d
commit 85aac7bf52
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
sources/application/WebPage/DownloadPage.php
View File

@@ -31,6 +31,11 @@ class DownloadPage extends AjaxPage
header($s_header);
}
echo $this->sContent;
if (($this->sContentType == 'text/html') && ($this->sContentDisposition == 'inline')) {
// inline content != attachment && html => filter all scripts for malicious XSS scripts
echo self::FilterXSS($this->sContent);
} else {
echo $this->sContent;
}
}
}