
New : Add DoS security on GETPOST with img

lmarcouiller
2022-08-03 14:24:27 +02:00
parent ffecf42808
commit c7652af3bc
4 changed files with 21 additions and 2 deletions


@@ -954,6 +954,11 @@ function sanitizeVal($out = '', $check = 'alphanohtml', $filter = null, $options
// Restore entity ' into ' (restricthtml is for html content so we can use html entity)
$out = preg_replace('/'/i', "'", $out);
preg_match_all('/(<img)/', $out, $reg);
if (count($reg[0]) > (getDolGlobalInt("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT") ? getDolGlobalInt("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT") : 1000)) {
$out = '';
}
} while ($oldstringtoclean != $out);
break;
case 'custom':
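Review bot: The new `<img` count inside the `do … while` loop uses the case-sensitive pattern `/(<img)/`, so tags written as `<IMG` or `<Img` are not counted and the MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT limit never applies to them. Matching case-insensitively and using the return value directly closes the gap and drops the unused capture array: `$nbimg = preg_match_all('/<img/i', $out);`, then compare `$nbimg` with the limit. The check also runs on every pass of the loop and calls `getDolGlobalInt()` twice; resolving the limit once before the loop would be cheaper, which matters for a guard whose purpose is to bound work. Setting `$out = ''` discards the whole submitted value with no signal visible in this hunk, so a log entry at that point would let operators see when the limit is hit. The enclosing `sanitizeVal()` body and the start of the loop are outside the hunk, so how `$oldstringtoclean` interacts with the emptied value should be confirmed there.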