zcy
/
svgedit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix XSS in editor/extensions/fileopen.php 

reported by Lukas Reschke <lukas@statuscode.ch>


git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2080 eee81c28-f429-11dd-99c0-75d572ba1ddd
master
Pavol Rusnak 2012-05-08 20:09:38 +00:00
parent 3a0cfe1ce0
commit 519859eaf8
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
editor/extensions/fileopen.php
View File

@ -27,5 +27,5 @@
}
?>
<script>
window.top.window.svgEditor.processFile("<?php echo $prefix . base64_encode($output); ?>", "<?php echo $type ?>");
</script>
window.top.window.svgEditor.processFile("<?php echo $prefix . base64_encode($output); ?>", "<?php echo htmlentities($type); ?>");
</script>