
Fixed cross-site scripting via svg file upload #856

Merged
merged 4 commits into from
Aug 21, 2024

Conversation

girishpanchal30
Contributor

Summary

In this PR I've filtered the SVG image content and removed the harmful code to fix the cross-site scripting vulnerability issue.

Check before Pull Request is ready:

Closes https://github.com/Codeinwp/neve-pro-addon#2842
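The mitigation described above (filtering an uploaded SVG so that script-capable content is removed before the file is accepted) as an added Python illustration; this is not Neve's code, nor the sanitizer library suggested later in the thread, and the function names, the allowlists and the sample SVG are my own constructions. It rejects DTDs outright, drops script-bearing elements, event-handler attributes, `href` values with an unsafe scheme and `style` values that pull in external or active content, and returns a report of what was removed so the upload handler can log or reject the file.

```python
"""
Defensive SVG sanitizer, added as an illustration of the mitigation this PR
describes (stripping active content from uploaded SVGs). It is not Neve's,
Optimole's or the suggested library's code; all names below are my own.
"""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)        # serialize <svg xmlns="..."> without ns0: prefixes
ET.register_namespace("xlink", XLINK_NS)

# Elements that execute script or smuggle HTML into the document (assumed denylist).
FORBIDDEN_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
_SCHEME = re.compile(r"^([a-z][a-z0-9+.-]*):")
_STYLE_ACTIVE = re.compile(r"(expression\s*\(|url\s*\(|javascript:|@import|behavior\s*:)", re.I)


def _local(qname: str) -> str:
    """'{uri}name' -> 'name', lower-cased so case variants like onClick are caught."""
    return qname.rsplit("}", 1)[-1].lower()


def _safe_href(value: str) -> bool:
    # Drop control characters and whitespace first so 'java\tscript:' is seen as 'javascript:'.
    v = re.sub(r"[\x00-\x20]", "", value).lower()
    m = _SCHEME.match(v)
    if not m:
        return True                       # fragment (#id) or relative reference
    scheme = m.group(1)
    if scheme in ("http", "https"):
        return True
    if scheme == "data":                  # raster image data URIs only: no text/html, no nested SVG
        return re.match(r"^data:image/(png|jpe?g|gif|webp)[;,]", v) is not None
    return False


def _scrub(elem: ET.Element, report: list) -> None:
    """Recursively remove forbidden children and unsafe attributes, recording each removal."""
    for child in list(elem):
        if _local(child.tag) in FORBIDDEN_ELEMENTS:
            elem.remove(child)
            report.append(("element", _local(child.tag)))
        else:
            _scrub(child, report)
    for name in list(elem.attrib):
        local = _local(name)
        value = elem.attrib[name]
        if (local.startswith("on")                                # event handlers
                or (local == "href" and not _safe_href(value))    # javascript:/data:text/html links
                or (local == "style" and _STYLE_ACTIVE.search(value))):
            del elem.attrib[name]
            report.append(("attribute", _local(elem.tag), local))


def sanitize_svg(svg_text: str):
    """Return (sanitized_svg, report). Raises ValueError for input that is not a plain SVG."""
    # DTDs enable entity expansion and external entities; an uploaded image never needs one.
    if re.search(r"<!(DOCTYPE|ENTITY)", svg_text, re.I):
        raise ValueError("DOCTYPE/ENTITY declarations are not accepted")
    root = ET.fromstring(svg_text)        # comments and processing instructions are dropped here
    if _local(root.tag) != "svg":
        raise ValueError("root element is not <svg>")
    report: list = []
    _scrub(root, report)
    return ET.tostring(root, encoding="unicode"), report


# Constructed sample: a benign rectangle plus three textbook active-content carriers.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="10" height="10">
  <script>alert(1)</script>
  <rect width="10" height="10" fill="red" onclick="alert(1)"/>
  <a xlink:href="javascript:alert(1)"><text>link</text></a>
  <image xlink:href="data:image/png;base64,iVBORw0KGgo="/>
</svg>"""

if __name__ == "__main__":
    clean, removed = sanitize_svg(SAMPLE_SVG)
    print(clean)
    for entry in removed:
        print("removed:", entry)
```

In a WordPress plugin a check like this typically runs in an upload filter such as `wp_handle_upload_prefilter`, where a non-empty report can be turned into a rejected upload rather than a silently cleaned file. The DOCTYPE rejection matters because `xml.etree` is not hardened against entity-expansion attacks; an allowlist-based library (as suggested in this thread) is the better production choice, and this block only shows what such a library has to do.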

@girishpanchal30 girishpanchal30 added the pr-checklist-skip Allow this Pull Request to skip checklist. label Aug 20, 2024
@pirate-bot pirate-bot added the pr-checklist-complete The Pull Request checklist is complete. (automatic label) label Aug 20, 2024
@pirate-bot
Contributor

pirate-bot commented Aug 20, 2024

Plugin build for 52b6ccd is ready 🛎️!

@vytisbulkevicius vytisbulkevicius requested review from Soare-Robert-Daniel and removed request for abaicus August 20, 2024 16:43
@selul
Contributor

selul commented Aug 21, 2024

@girishpanchal30 please use this library instead for sanitization https://github.com/Codeinwp/optimole-wp/blob/master/composer.json#L59; you can check Optimole to see how it is used.

@girishpanchal30
Contributor Author

@selul Thank you for the suggestion, I've implemented the library in the latest commit.

@vytisbulkevicius vytisbulkevicius merged commit a8d1d34 into development Aug 21, 2024
5 checks passed
@vytisbulkevicius vytisbulkevicius deleted the bugfix/nv/2842 branch August 21, 2024 14:26
@pirate-bot
Contributor

🎉 This PR is included in version 2.10.37 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@pirate-bot pirate-bot added the released Indicate that an issue has been resolved and released in a particular version of the product. label Aug 21, 2024