Unverified Commit 9089acbd authored by IKEDA Soji's avatar IKEDA Soji Committed by GitHub
Browse files

Merge pull request #721 from ikedas/issue-716_02mime by ikedas

WWSympa: send_mail: Restrict MIME content type of uploaded HTML text (#716)
parents e2f262ab 5fda1856
......@@ -14692,8 +14692,11 @@ sub do_send_mail {
my $page_source;
if ($in{'uploaded_file'} =~ /\S/) {
my $fh = $query->upload('uploaded_file');
unless ($fh) {
wwslog('err', 'Can\'t upload %s', $in{'uploaded_file'});
my $ctype = $query->uploadInfo($fh)->{'Content-Type'}
if $fh;
unless ($ctype and lc $ctype eq 'text/html') {
wwslog('err', 'Can\'t upload %s (%s)', $in{'uploaded_file'},
$ctype || 'unknown type');
Sympa::WWW::Report::reject_report_web(
'intern',
'cannot_upload',
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment