firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2025-0510] Stored XSS (bypass html_purify patch) to RCE 취약점 수정

Browse Source
This commit is contained in:
2025-08-27 11:48:36 +09:00
parent 5da91ab73e
commit f69b66dced
5 changed files with 46 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
plugin/htmlpurifier/extend.video.php
View File

@ -95,7 +95,10 @@ if( !class_exists('HTMLPurifierContinueParamFilter') ){
}
if ($query) {
if (isset($query_params['continue'])) {
parse_str($query, $query_params);
if (isset($query_params['continue']) || isset($query_params['pcurl'])) {
return false;
}
}