fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PMCORE-4042 Reflected Cross-Site Scripting (XSS)

Browse Source
This commit is contained in:
Roly Gutierrez
2022-11-15 12:07:29 -04:00
parent a7cbcd64bf
commit 5a4c35d6c8
1 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
workflow/engine/methods/setup/showLogoFile.php
View File

@@ -62,16 +62,21 @@ if (is_file( $imagen )) {
//cpyMoreLogos($dir,$newDir);
$newDir .= PATH_SEP . $idDecode64;
$dir .= PATH_SEP . $idDecode64;
copy( $dir, $newDir );
showLogo( $newDir );
if (file_exists($dir)) {
copy($dir, $newDir);
showLogo( $newDir );
}
die();
}
function showLogo ($imagen)
{
$info = @getimagesize( $imagen );
$fp = fopen( $imagen, "rb" );
$fp = null;
if (file_exists($imagen)) {
$fp = fopen($imagen, "rb");
$info = @getimagesize($imagen);
}
if ($info && $fp) {
header( "Content-type: {$info['mime']}" );
fpassthru( $fp );