Commit 4068b7a8 authored by Hugh Davenport's avatar Hugh Davenport

Escape user uploaded XHTML files

Bug #1055232
CVE-2012-2243

Before this patch, if a user uploaded HTML or XML files
then tried to download them, or linked other users to download
them, they would be presented with an escaped version along
with a link to download the original.

This did not include XHTML files, which can cause the same
security issues as HTML or XML files. This patch includes the
XHTML mimetype of application/xhtml+xml in the test of which
files to escape.

Change-Id: Iffb8308fdb56a173fd4af2bbda800999dd11fea3
Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
parent 2e80c7db
......@@ -70,7 +70,7 @@ function serve_file($path, $filename, $mimetype, $options=array()) {
$lastmodified = filemtime($path);
$filesize = filesize($path);
if ($mimetype == 'text/html' || $mimetype == 'text/xml') {
if ($mimetype == 'text/html' || $mimetype == 'text/xml' || $mimetype == 'application/xhtml+xml') {
if (isset($options['downloadurl']) && $filesize < 1024 * 1024) {
display_cleaned_html(file_get_contents($path), $filename, $options);
exit;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment