mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-04-16 04:50:09 -04:00
Code Issues Packages Projects Releases Wiki Activity

Do proper XSS sanity check with excel files (#39)

Browse Source
This commit is contained in:
FrancescoUK
2016-05-26 18:41:59 +01:00
parent e4cb04fd3e
commit a5f63d1cc0
2 changed files with 2 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
application/controllers/Customers.php
View File

@@ -171,12 +171,7 @@ class Customers extends Person_controller
while (($data = fgetcsv($handle)) !== FALSE)
{
// XSS file data sanity check
if ($this->security->xss_clean($data) === FALSE)
{
echo json_encode( array('success'=>false, 'message'=>'Your uploaded file contains malicious data') );
return;
}
$data = $this->security->xss_clean($data);
$person_data = array(
'first_name'=>$data[0],

7
application/controllers/Items.php
View File

@@ -578,12 +578,7 @@ class Items extends Secure_area implements iData_controller
while (($data = fgetcsv($handle)) !== FALSE)
{
// XSS file data sanity check
if ($this->security->xss_clean($data) === FALSE)
{
echo json_encode( array('success'=>false, 'message'=>'Your uploaded file contains malicious data') );
return;
}
$data = $this->security->xss_clean($data);
if (sizeof($data) >= 23)
{