Merged in bugfix/PMCORE-4042 (pull request #8634)

PMCORE-4042 Reflected Cross-Site Scripting (XSS)

Approved-by: Julio Cesar Laura Avendaño
Roly Gutierrez
2022-11-15 20:30:03 +00:00
committed by Julio Cesar Laura Avendaño


@@ -62,16 +62,21 @@ if (is_file( $imagen )) {
//cpyMoreLogos($dir,$newDir); //cpyMoreLogos($dir,$newDir);
$newDir .= PATH_SEP . $idDecode64; $newDir .= PATH_SEP . $idDecode64;
$dir .= PATH_SEP . $idDecode64; $dir .= PATH_SEP . $idDecode64;
copy( $dir, $newDir ); if (file_exists($dir)) {
showLogo( $newDir ); copy($dir, $newDir);
showLogo( $newDir );
}
die(); die();
} }
function showLogo ($imagen) function showLogo ($imagen)
{ {
$info = @getimagesize( $imagen ); $fp = null;
$fp = fopen( $imagen, "rb" ); if (file_exists($imagen)) {
$fp = fopen($imagen, "rb");
$info = @getimagesize($imagen);
}
if ($info && $fp) { if ($info && $fp) {
header( "Content-type: {$info['mime']}" ); header( "Content-type: {$info['mime']}" );
fpassthru( $fp ); fpassthru( $fp );