fix potential xss attack when showing log file

This commit is contained in:
Uwe Steinmann 2024-09-01 09:29:12 +02:00
parent aae0d004c3
commit 0ceb6d602c
2 changed files with 2 additions and 1 deletions

View File

@ -4,6 +4,7 @@
- add new page for send test notification
- remove deprecated function formatted_size()
- fix bugs when importing files from filesystem with metadata, better logging
- fix potential xss attack when showing log file
--------------------------------------------------------------------------------
Changes in version 5.1.35

View File

@ -151,7 +151,7 @@ $("input[type=checkbox]").each(function () { this.checked = !this.checked; });
$this->htmlEndPage();
} elseif(file_exists($this->logdir.$logname)){
echo $logname."<pre>\n";
readfile($this->logdir.$logname);
echo htmlspecialchars(file_get_contents($this->logdir.$logname));
echo "</pre>\n";
} else {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));