New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed XSS Security Vulnerabilities and bug with mime types including '+'. #3

Merged
merged 1 commit into from Oct 15, 2017

Conversation

Projects
None yet
2 participants
@mvastola
Contributor

mvastola commented Aug 24, 2017

@zzxiang

This comment has been minimized.

Owner

zzxiang commented Aug 25, 2017

MIME types including '+', such as image/svg+xml?

@zzxiang zzxiang self-requested a review Aug 25, 2017

@zzxiang zzxiang self-assigned this Aug 25, 2017

@mvastola

This comment has been minimized.

Contributor

mvastola commented Aug 25, 2017

Yes. It'll guess the mime type right, but it'll replace the + with a space.
The bigger issue is potentially the XSS attack though. Add this path to any wordpress install to see what I mean.
/wp-admin/upload.php?page=add-external-media-without-import&url=http%3A%2F%2Fwww.google.com&width=0&height=0&mime-type=%22%3E%3Cscript%3Ealert%28window.location.hash%29%253B%3C%252Fscript%3E%22#Attack!

@zzxiang zzxiang merged commit eda6cb3 into zzxiang:master Oct 15, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment