Fix XSS vulnerability
vova07 committed Mar 24, 2017
1 parent a392ab7 commit c00d1e4
Showing 2 changed files with 4 additions and 2 deletions.
3 changes: 2 additions & 1 deletion .gitignore
@@ -1 +1,2 @@
.idea
/vendor
/composer.lock
3 changes: 2 additions & 1 deletion actions/UploadAction.php
@@ -8,6 +8,7 @@
use yii\base\InvalidCallException;
use yii\base\InvalidConfigException;
use yii\helpers\FileHelper;
use yii\helpers\Html;
use yii\web\BadRequestHttpException;
use yii\web\Response;
use yii\web\UploadedFile;
@@ -93,7 +94,7 @@ public function run()

if ($model->hasErrors()) {
$result = [
'error' => $model->getFirstError('file')
'error' => Html::encode($model->getFirstError('file')),
];
} else {
if ($this->unique === true && $model->file->extension) {
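Review bot: The `Html::encode()` added on the `'error'` entry covers only the validation-failure branch of `run()`; the `else` branch continues outside the hunk, so it is not visible whether the values it puts into `$result` are escaped. If that branch returns the original upload name when `$this->unique` is not true, the same client-supplied string would presumably reach the response unencoded, so every `$result` field that can carry the file name should be checked. `Html::encode()` is only correct for an HTML text or attribute context, so the assumption is worth recording next to the call, e.g. `// message may include the client-supplied file name; encoded for the HTML context it is rendered in`. A regression test that submits a file whose name contains markup and asserts the returned `error` is escaped would keep the fix from silently regressing.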