mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-12-22 13:45:02 +00:00
Fix XXE DDOs attack when uploading a malicious SVG (ref #152
This commit is contained in:
parent
582eda24d7
commit
0d4675ea41
4 changed files with 8 additions and 2 deletions
|
@ -6,8 +6,12 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
|
|||
### Added
|
||||
- Added an input box with auto-generated short markdown embed code with copy button to file pages
|
||||
|
||||
### Changed
|
||||
- Added 1920 as a preset image size on file pages
|
||||
|
||||
### Fixed
|
||||
- Fix saving edits to pages with an ampersand in their name (#99)
|
||||
- [Security] Fixed an authenticated denial-of-service attack when uploading a malicious SVG (ref XXE billion laughs attack, #152)
|
||||
|
||||
## v0.15
|
||||
_(No changes since v0.15-beta2)_
|
||||
|
|
|
@ -5466,6 +5466,7 @@ function upload_check_svg($temp_filename)
|
|||
*/
|
||||
function getsvgsize($svgFilename)
|
||||
{
|
||||
libxml_disable_entity_loader(true); // Ref: XXE Billion Laughs Attack, issue #152
|
||||
$svg = simplexml_load_file($svgFilename); // Load it as XML
|
||||
if($svg === false)
|
||||
{
|
||||
|
|
|
@ -122,7 +122,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File\/' prefix.",
|
||||
"id": "feature-upload",
|
||||
"lastupdate": 1513158485,
|
||||
"lastupdate": 1513195855,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
|
|
@ -476,7 +476,7 @@ register_module([
|
|||
if($mime_type == "application/pdf")
|
||||
$fileTypeDisplay = "file";
|
||||
|
||||
$preview_sizes = [ 256, 512, 768, 1024, 1440 ];
|
||||
$preview_sizes = [ 256, 512, 768, 1024, 1440, 1920 ];
|
||||
$preview_html .= "\t\t\t<figure class='preview'>
|
||||
<img src='$previewUrl' />
|
||||
<nav class='image-controls'>
|
||||
|
@ -622,6 +622,7 @@ function upload_check_svg($temp_filename)
|
|||
*/
|
||||
function getsvgsize($svgFilename)
|
||||
{
|
||||
libxml_disable_entity_loader(true); // Ref: XXE Billion Laughs Attack, issue #152
|
||||
$svg = simplexml_load_file($svgFilename); // Load it as XML
|
||||
if($svg === false)
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue