FIX CVE-2019-11199

Dolibarr · Apr 25, 2019 · 9760ed5 · 9760ed5
1 parent 63c0ab9
commit 9760ed5
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
@@ -169,14 +169,17 @@ function llxFooter()
 if (GETPOST('type','alpha')) $type=GETPOST('type','alpha');
 else $type=dol_mimetype($original_file);
 
+// Security: This wrapper is for images. We do not allow type/html
+if (preg_match('/html/', $type)) accessforbidden('Error: Using the image wrapper to output a file with a mime type HTML is not possible.', 1, 1, 1);
+
 // Security: Delete string ../ into $original_file
 $original_file = str_replace("../","/", $original_file);
 
 // Find the subdirectory name as the reference
 $refname=basename(dirname($original_file)."/");
 
 // Security check
-if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
+if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart', 1, 1, 1);
 
 $check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $refname);
 $accessallowed              = $check_access['accessallowed'];