349162ea13
This filters out potentially malicious javascript: or data: URIs coming through to be attached to attachments. Added tests to cover. Thanks to Yassine ABOUKIR (@yassineaboukir on Twitter) for reporting this vulnerability.

Api
Auth
Images
AttachmentController.php
AuditLogController.php
BookController.php
BookExportController.php
BookshelfController.php
BookSortController.php
ChapterController.php
ChapterExportController.php
CommentController.php
Controller.php
HomeController.php
MaintenanceController.php
PageController.php
PageExportController.php
PageRevisionController.php
PageTemplateController.php
PermissionController.php
SearchController.php
SettingController.php
TagController.php
UserApiTokenController.php
UserController.php