Merge pull request #6985 from theWorstComrade/huntr_xss_fix

Document upload - fix stored xss
David Bomba 2021-11-20 07:07:33 +11:00 committed by GitHub
commit 9e489535cc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -43,7 +43,7 @@ class Document extends EntityModel
'application/msword',
'application/excel', 'application/vnd.ms-excel', 'application/x-excel', 'application/x-msexcel',
'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 'application/postscript', 'image/svg+xml',
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 'application/postscript',
'application/vnd.openxmlformats-officedocument.presentationml.presentation', 'application/vnd.ms-powerpoint',
];
@ -57,9 +57,6 @@ class Document extends EntityModel
'ai' => [
'mime' => 'application/postscript',
],
'svg' => [
'mime' => 'image/svg+xml',
],
'jpeg' => [
'mime' => 'image/jpeg',
],
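Review bot: Dropping `'image/svg+xml'` from the MIME allow-list and the `'svg'` entry from the extension map in `class Document` only stops new uploads. Documents stored as SVG before this change are not touched here and may still be rendered inline, depending on how the download route serves them, which is outside these hunks. It is worth confirming that stored documents are sent with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff`, and that the upload check uses the server-detected type rather than the client-declared one; neither is visible in this diff. To keep the entry from being re-added later, I would put a comment above the allow-list such as `// SVG is deliberately excluded: it can embed script and would run in the app's origin (stored XSS).` Both arrays start outside the hunks shown.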