349162ea13
This filters out potentially malicious javascript: or data: uri's coming through to be attached to attachments. Added tests to cover. Thanks to Yassine ABOUKIR (@yassineaboukir on twitter) for reporting this vulnerability. |
||
---|---|---|
.. | ||
Attachment.php | ||
AttachmentService.php | ||
HttpFetcher.php | ||
Image.php | ||
ImageRepo.php | ||
ImageService.php | ||
UploadService.php |