gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-05-09 21:16:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix potential xss attack when showing log file

Browse Source
This commit is contained in:
Uwe Steinmann 2024-09-01 09:29:12 +02:00
parent aae0d004c3
commit 0ceb6d602c
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG
View File

@ -4,6 +4,7 @@
- add new page for send test notification - add new page for send test notification
- remove deprecated function formatted_size() - remove deprecated function formatted_size()
- fix bugs when importing files from filesystem with metadata, better logging - fix bugs when importing files from filesystem with metadata, better logging
- fix potential xss attack when showing log file
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
Changes in version 5.1.35 Changes in version 5.1.35

2
views/bootstrap/class.LogManagement.php
View File

@ -151,7 +151,7 @@ $("input[type=checkbox]").each(function () { this.checked = !this.checked; });
$this->htmlEndPage(); $this->htmlEndPage();
} elseif(file_exists($this->logdir.$logname)){ } elseif(file_exists($this->logdir.$logname)){
echo $logname."<pre>\n"; echo $logname."<pre>\n";
readfile($this->logdir.$logname); echo htmlspecialchars(file_get_contents($this->logdir.$logname));
echo "</pre>\n"; echo "</pre>\n";
} else { } else {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied")); UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));