Skip to content

Commit

Permalink
Fix bug allowing to execute arbitrary javascript in SVG files
Browse files Browse the repository at this point in the history 
Add CSP header

Closes #1251

Bug Disclosure: https://huntr.dev/bounties/253ebdad-a593-425a-bb91-20da8f3fbae9/
Signed-off-by: Elan Ruusamäe <glen@pld-linux.org>
  • Loading branch information
@noobpk @glensc
noobpk authored and glensc committed Nov 9, 2021
1 parent aea72ef commit 1b86239
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Expand Up @@ -5,6 +5,7 @@
See [Upgrading] for details on how to upgrade.

- Fix `sort_by` not being filtered in search form, #1252
- Fix bug allowing to execute arbitrary JavaScript in SVG files, #1252

[3.10.8]: https://github.com/eventum/eventum/compare/v3.10.7...master

Expand Down
1 change: 1 addition & 0 deletions lib/eventum/class.misc.php
View file
Expand Up @@ -636,6 +636,7 @@ public static function outputDownload($data, $filename, $filesize, $filetype, $f
header('Content-Type: ' . $filetype);
header("Content-Disposition: {$disposition}; filename=\"{$filename}\"; filename*=UTF-8''{$filename}");
header("Content-Length: {$filesize}");
header("Content-Security-Policy: script-src 'none'");
echo $data;
exit;
}
Expand Down

0 comments on commit 1b86239

Please sign in to comment.