Closed
Description
Hello,
I would like to report a possible XSS vulnerability.
In the file https://github.com/serghey-rodin/vesta/blob/master/web/api/v1/upload/UploadHandler.php
the source is in the function post:
// Entry point of the reported flow: reads the uploaded-file metadata from $_FILES,
// hands each file to handle_file_upload(), and passes the collected results to
// generate_response(). Excerpt only: "//...." marks code the reporter left out.
public function post($print_response = true) {
//....
// Source: $_FILES[$this->options['param_name']]. Its 'name' and 'type' entries are
// taken from the multipart request as the client sent them; PHP does not verify them.
$upload = isset($_FILES[$this->options['param_name']]) ? $_FILES[$this->options['param_name']] : null;
// ....
foreach ($upload['tmp_name'] as $index => $value) {
// Each object returned by handle_file_upload() is appended to $files and carries the source.
// $file_name and $size are assigned in the elided part of this function.
$files[] = $this->handle_file_upload(
$upload['tmp_name'][$index],
$file_name ? $file_name : $upload['name'][$index],
$size ? $size : $upload['size'][$index],
$upload['type'][$index], // The source: MIME type as declared by the client
$upload['error'][$index],
$index,
$content_range
);
}
//.....
// generate_response() receives $files, and with it the source, keyed by the parameter name.
return $this->generate_response(
array($this->options['param_name'] => $files),
$print_response
);
}
Function handle_file_upload:
// Returns the per-file result object. The only step visible in this excerpt is the copy
// of the caller-supplied $type into $file->type; the rest of the signature and body are
// elided, so any validation or normalisation performed there is not shown here.
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
//.....
// The source is stored unchanged in $file->type.
$file->type = $type;
//....
return $file;
}
Function generate_response:
// Serialises $content to JSON and, when $print_response is true, passes the string to body().
// NOTE(review): json_encode() is called without JSON_HEX_TAG | JSON_HEX_AMP |
// JSON_HEX_APOS | JSON_HEX_QUOT, so <, >, & and ' inside string values are emitted
// unescaped. Whether a browser would render the response as HTML depends on the
// Content-Type header, which is not visible in this excerpt; confirm what the elided
// part sends before rating the finding.
protected function generate_response($content, $print_response = true) {
if ($print_response) {
$json = json_encode($content);
//.....
$this->body($json);
}
}
Finally, the sink is in the function body:
// Writes $str to the response with no further encoding. In the reported flow $str is the
// JSON string built in generate_response().
protected function body($str) {
// Sink: the string is echoed as-is.
echo $str;
}