Commit 5fda1856 authored by IKEDA Soji's avatar IKEDA Soji
Browse files

WWSympa: send_mail: Restrict MIME content type of uploaded HTML text.

parent f55e49b1
......@@ -14692,8 +14692,11 @@ sub do_send_mail {
my $page_source;
if ($in{'uploaded_file'} =~ /\S/) {
my $fh = $query->upload('uploaded_file');
unless ($fh) {
wwslog('err', 'Can\'t upload %s', $in{'uploaded_file'});
my $ctype = $query->uploadInfo($fh)->{'Content-Type'}
if $fh;
unless ($ctype and lc $ctype eq 'text/html') {
wwslog('err', 'Can\'t upload %s (%s)', $in{'uploaded_file'},
$ctype || 'unknown type');
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment