Micke/roundcubemail-plugins-kolab
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix potential XSS issue

Browse source
This commit is contained in:
Aleksander Machniak 2024-05-17 14:19:22 +02:00
parent 53b866e98f
commit 98e2dc3db8
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
plugins/kolab_files/lib/kolab_files_engine.php
View file

@ -840,6 +840,11 @@ class kolab_files_engine
$cells = []; $cells = [];
foreach ($a_show_cols as $col) { foreach ($a_show_cols as $col) {
// sanity check
if (!preg_match('/^[a-zA-Z_-]+$/', $col)) {
continue;
}
// get column name // get column name
switch ($col) { switch ($col) {
case 'options': case 'options':