⚠ In case you've missed it, we have migrated to our new website, with a brand new forum. For more details about the migration you can read our blog post for website migration. This is an archived forum. ⚠

  •     

profile picture

image crud - XSS vulnerability



J-c

J-c
  • profile picture
  • Member

Posted 22 January 2013 - 21:51 PM

Hi,

I don't know the last version of image crud but with the actual you can upload anything (.php, .exe).
And the Class ImageUploadHandler doesn't work :
You can write whatewer you want in the 'accept_file_types', you can still upload .exe or .php files.

web-johnny

web-johnny
  • profile picture
  • Administrator
  • 1,166 posts

Posted 26 January 2013 - 18:43 PM

Hello [member='J-c'], this bug was resolved as for version 0.6 that I just released. For more please visit: http://www.grocerycrud.com/image-crud

J-c

J-c
  • profile picture
  • Member

Posted 27 January 2013 - 19:38 PM

Wow, thanks a lot web-johnny. It works fine now!!