Do not process URLs passed directly from users #756


spaceisntsyntax
Contributor

SUSHI statistics can be retrieved from a stored URL, but those are downloaded locally before being processed by the uploadComplete.php script. Because of that, we can simply refuse to load data from URLs using the (local) utf8_fopen_read function, which is only used to load server-local files into memory for processing.

SUSHI statistics can be retrieved from a stored URL, but those are
downloaded locally before being processed by the uploadComplete.php
script. Because of that, we can simply refuse to load data from URLs
using the (local) utf8_fopen_read function, which is only used to load
server-local files into memory for processing.

Signed-off-by: Mike Rylander <mrylander@gmail.com>
@andyp-uk andyp-uk merged commit 001c256 into coral-erm:ERM-63-modern-jquery-update-with-php8 Mar 22, 2024
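
An added example, not code from this pull request or from CORAL: one way a local-file reader can refuse URLs, as the description above proposes. The function name `read_local_file`, the base directory and the sample inputs are assumptions, and the `realpath()` containment check goes one step beyond the URL refusal the description names.

```php
<?php
declare(strict_types=1);

// Added example: names, base directory and inputs are assumptions, not CORAL code.
function read_local_file(string $path, string $baseDir): string
{
    // 1. Refuse anything addressed through a registered stream wrapper
    //    (http, https, ftp, file, ...), compared case-insensitively.
    foreach (stream_get_wrappers() as $wrapper) {
        if (stripos($path, $wrapper . ':') === 0) {
            throw new InvalidArgumentException("stream wrapper '$wrapper' refused");
        }
    }
    // 2. Resolve symlinks and "..", then require a regular file inside the
    //    upload directory. realpath() returns false for paths that do not
    //    exist on the local filesystem, which also covers unregistered schemes.
    $base = realpath($baseDir);
    $real = realpath($path);
    if ($base === false || $real === false || !is_file($real)
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new InvalidArgumentException('not a file inside the upload directory');
    }
    $data = file_get_contents($real);
    if ($data === false) {
        throw new RuntimeException('read failed');
    }
    return $data;
}

// Constructed demo input: one real file plus values a form field might carry.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'sushi_demo_' . getmypid();
mkdir($dir);
$file = $dir . DIRECTORY_SEPARATOR . 'report.csv';
file_put_contents($file, "Title,Count\nExample,1\n");

$candidates = [
    $file,                                   // local upload: accepted
    'http://example.invalid/report.csv',     // URL: refused by step 1
    'HTTPS://example.invalid/report.csv',    // mixed case: refused by step 1
    $dir . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'other.csv', // refused by step 2
];
foreach ($candidates as $candidate) {
    try {
        printf("read     %d bytes from %s\n", strlen(read_local_file($candidate, $dir)), $candidate);
    } catch (InvalidArgumentException $e) {
        printf("refused  %s (%s)\n", $candidate, $e->getMessage());
    }
}
unlink($file);
rmdir($dir);
```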
@andyp-uk
Contributor

Smoke tested and no problems found.

@andyp-uk andyp-uk added the bug This is a bug (not an enhancement) label Apr 23, 2024