mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-05-24 16:28:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Do proper XSS sanity check with excel files (#39)

Browse Source
This commit is contained in:
FrancescoUK
2016-05-26 18:41:59 +01:00
parent e4cb04fd3e
commit a5f63d1cc0
2 changed files with 2 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
application/controllers/Items.php
View File

@@ -578,12 +578,7 @@ class Items extends Secure_area implements iData_controller
while (($data = fgetcsv($handle)) !== FALSE)
{
// XSS file data sanity check
if ($this->security->xss_clean($data) === FALSE)
{
echo json_encode( array('success'=>false, 'message'=>'Your uploaded file contains malicious data') );
return;
}
$data = $this->security->xss_clean($data);
if (sizeof($data) >= 23)
{