bug 2805: avoid XSS from EXIF/IPTC

git-svn-id: http://piwigo.org/svn/branches/2.4@19417 68402e56-0260-453c-a942-63ccdbb3a9ee
plegall
2012-12-13 09:27:24 +00:00
parent 4fab3d9922
commit ea3e07c326


@@ -60,7 +60,10 @@ function get_iptc_data($filename, $map)
foreach (array_keys($map, $iptc_key) as $pwg_key)
{
$result[$pwg_key] = $value;
// in case the origin of the photo is unsecure (user upload), we
// remove HTML tags to avoid XSS (malicious execution of
// javascript)
$result[$pwg_key] = strip_tags($value);
}
}
}
@@ -140,6 +143,13 @@ function get_exif_data($filename, $map)
}
}
foreach ($result as $key => $value)
{
// in case the origin of the photo is unsecure (user upload), we remove
// HTML tags to avoid XSS (malicious execution of javascript)
$result[$key] = strip_tags($value);
}
return $result;
}
?>
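Review bot: `strip_tags()` in both hunks removes markup but leaves quotes and `&` untouched, so it only protects values that are later printed as HTML element text; if a template places an IPTC/EXIF field inside an attribute such as `alt` or `title`, the stored value can still break out of it. The rendering code is outside these hunks, so this needs confirming, but the durable control is escaping where the value is output, e.g. `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`, with the strip kept here as a second layer. In the `get_exif_data` loop, how `$result` is filled is not visible, and it may hold non-string entries; guarding the call with `if (is_string($value))` would avoid passing arrays to `strip_tags()`. Both added comments would read more clearly as `// metadata is attacker-controlled when the photo is a user upload; strip HTML tags to reduce XSS risk`.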