Fix formatImg() security issue

xiaomlove
2023-07-19 02:32:02 +08:00
parent 61cb2bb6bb
commit 30aae54673
3 changed files with 17 additions and 1 deletions


@@ -229,6 +229,12 @@ function formatCode($text) {
}
function formatImg($src, $enableImageResizer, $image_max_width, $image_max_height, $imgId = "") {
if (is_danger_url($src)) {
$msg = "[DANGER_URL]: $src";
do_log($msg, "alert");
write_log($msg, "mod");
return "";
}
return addTempCode("<img style=\"max-width: 100%\" id=\"$imgId\" alt=\"image\" src=\"$src\"" .($enableImageResizer ? " onload=\"Scale(this,$image_max_width,$image_max_height);\" onclick=\"Preview(this);\"" : "") . " />");
}
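Review bot: `$src` is still interpolated unescaped into `src=\"$src\"` on the final `return addTempCode(...)` line, so the fix relies entirely on `is_danger_url()` (not shown in this hunk) rejecting every value that could break out of the attribute. Unless callers already HTML-encode the URL, escaping at the sink would be a sturdier second layer, e.g. `$src = htmlspecialchars($src, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);` before building the tag, and likewise for `$imgId`, which goes into `id=\"$imgId\"` the same way. The rejected value is also logged verbatim via `$msg = "[DANGER_URL]: $src";` and passed to both `do_log()` and `write_log()`. Because it is user-supplied, encoding it first, e.g. `$msg = "[DANGER_URL]: " . json_encode($src);`, would keep embedded newlines or markup from forging log entries or rendering in a log viewer. A short comment above the guard stating what `is_danger_url()` is expected to reject would also help the next reader judge whether the check is sufficient.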