Fix stored XSS security issue: do not allow unsanitized SVG
francoisjacquet committed Apr 21, 2022
1 parent 9396aad commit dcd3b86
Showing 2 changed files with 6 additions and 1 deletion.
4 changes: 4 additions & 0 deletions CHANGES.md
@@ -1,6 +1,10 @@
# CHANGES
## RosarioSIS Student Information System

Changes in 8.9.3
----------------
- Fix stored XSS security issue: do not allow unsanitized SVG in FileUpload.fnc.php, thanks to @scgajge12 & @crowdoverflow

Changes in 8.9.2
----------------
- Fix invalidate User School in session on login in index.php
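Review bot: the 8.9.3 entry says "do not allow unsanitized SVG", which reads as though sanitized SVG is still accepted, while the FileUpload.fnc.php change in this commit drops '.svg' from the whitelist entirely. Suggest wording the entry so administrators see the behaviour change, for example that SVG uploads are no longer accepted by FileExtensionWhiteList().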
3 changes: 2 additions & 1 deletion ProgramFunctions/FileUpload.fnc.php
Expand Up @@ -794,7 +794,8 @@ function FileExtensionWhiteList() {
'.png',
'.gif',
'.bmp',
'.svg',
// @since 8.9.3 Fix stored XSS security issue: do not allow unsanitized SVG
// '.svg',
'.ico',
'.psd',
'.ai',
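Review bot: the commented-out `// '.svg',` entry in FileExtensionWhiteList() is dead code that can be re-enabled by deleting two slashes; remove the line and keep only the @since comment, extended to say that SVG should come back only together with a sanitization step. The whitelist change also covers new uploads only: nothing in the visible lines deals with .svg files stored before 8.9.3, so an upgrade note or a cleanup step for existing files would close that gap.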