fix potential xss attack when showing log file

2024-10-16 13:02:37 +00:00 · 2024-09-01 09:29:12 +02:00 · 2024-09-01 09:29:12 +02:00 · 0ceb6d602c
commit 0ceb6d602c
parent aae0d004c3
2 changed files with 2 additions and 1 deletions
--- a/1
+++ b/1
@ -4,6 +4,7 @@
 - add new page for send test notification
 - remove deprecated function formatted_size()
 - fix bugs when importing files from filesystem with metadata, better logging
+- fix potential xss attack when showing log file

 --------------------------------------------------------------------------------
                     Changes in version 5.1.35
--- a/views/bootstrap/class.LogManagement.php
+++ b/views/bootstrap/class.LogManagement.php
@ -151,7 +151,7 @@ $("input[type=checkbox]").each(function () { this.checked = !this.checked; });
 		$this->htmlEndPage();
 		} elseif(file_exists($this->logdir.$logname)){
 			echo $logname."<pre>\n";
-			readfile($this->logdir.$logname);
+			echo htmlspecialchars(file_get_contents($this->logdir.$logname));
 			echo "</pre>\n";
 		} else {
 			UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));