Merge branch 'flatpressblog:master' into upstream/issue220

Frank Hochmuth 2023-09-02 12:28:52 +02:00 committed by GitHub
commit fd30261d89
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 2 deletions

@ -60,7 +60,7 @@
## Security
- Possible XSS prevented: Session cookie missed the "secure" and "httponly" flags
- Proper check of uploaded files ([#152](https://github.com/flatpressblog/flatpress/issues/152), [#170](https://github.com/flatpressblog/flatpress/issues/170))
- Proper check of uploaded files ([#152](https://github.com/flatpressblog/flatpress/issues/152), [#170](https://github.com/flatpressblog/flatpress/issues/170), [#217](https://github.com/flatpressblog/flatpress/issues/217))
- Possible XSS prevented: Admin Area URL ([#153](https://github.com/flatpressblog/flatpress/issues/153))
- Possible XSS prevented: Upload of misc. XML file types ([#172](https://github.com/flatpressblog/flatpress/issues/172), [#178](https://github.com/flatpressblog/flatpress/issues/178), [#188](https://github.com/flatpressblog/flatpress/issues/188))
- Directory browsing prevented ([#174](https://github.com/flatpressblog/flatpress/issues/174))
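Review bot: The updated "Proper check of uploaded files" entry only gains a link to #217 and still does not say which file type is now covered, so the changelog cannot be read on its own. If this entry corresponds to the `'xsig'` addition in the uploader in the same commit, consider naming the extension in the entry so administrators can tell what the fix handles without opening the issue.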

@ -99,7 +99,8 @@ class admin_uploader_default extends AdminPanelAction {
'svg',
'xml',
'md',
'pages'
'pages',
'xsig'
);
$imgs = array(
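Review bot: Appending `'xsig'` after `'pages'` extends this extension list one entry at a time, and the changelog line for the fix already cites three issues (#152, #170, #217), which suggests the list keeps trailing newly reported file types. If this array is the set of extensions the uploader rejects, consider switching to an allowlist of the types the uploader should accept, so that an unlisted extension is refused by default. The matching code is outside this hunk; please confirm it lower-cases the uploaded file name before comparing, so that `.XSIG` is handled the same as `.xsig`.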