XSS sanity check of uploaded images or excel files (#39)

FrancescoUK
2016-05-26 18:29:33 +01:00
parent 472ce16528
commit e4cb04fd3e
3 changed files with 49 additions and 22 deletions


@@ -35,7 +35,11 @@ class Config extends Secure_area
if (!empty($upload_data['orig_name']))
{
$batch_save_data['company_logo'] = $upload_data['raw_name'] . $upload_data['file_ext'];
// XSS file image sanity check
if ($this->security->xss_clean($upload_data['raw_name'], TRUE) === TRUE)
{
$batch_save_data['company_logo'] = $upload_data['raw_name'] . $upload_data['file_ext'];
}
}
$result = $this->Appconfig->batch_save($batch_save_data);
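Review bot: The new guard calls `xss_clean()` on `$upload_data['raw_name']`, which is only the base file name, so the uploaded image's bytes are never inspected and a file with a harmless name passes regardless of its content. CodeIgniter's image mode (second argument `TRUE`) is meant to be given the file contents and returns a boolean, so the check should read the stored file first: `$logo_bytes = file_get_contents($upload_data['full_path']);` followed by `if ($logo_bytes !== FALSE && $this->security->xss_clean($logo_bytes, TRUE) === TRUE)`. As far as these lines show, a failed check only skips setting `company_logo`; the rejected file appears to stay in the upload directory and no error reaches the user, so the failing branch should delete the file and mark the save as unsuccessful. The enclosing method starts and ends outside this hunk, so any cleanup or error reporting done later is not visible here.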