Fix potential XSS issue from unsplash data

Dale Davies
2023-04-19 13:12:53 +01:00
parent d90ac8eb89
commit 67b156ed5e
8 changed files with 11 additions and 6 deletions


@@ -44,7 +44,8 @@ class Unsplash {
}
$unsplashdata = new \stdClass();
$unsplashdata->color = $photo->color;
$unsplashdata->attribution = '<a target="_blank" rel="noopener" href="'.$photo->links['html'].'">'.$description.'</a>';
$unsplashdata->attribution = htmlentities($description);
$unsplashdata->link = strip_tags($photo->links['html']);
$unsplashdata->imagedatauri = 'data: '.(new \finfo(FILEINFO_MIME_TYPE))->buffer($response).';base64,'.base64_encode($response);
return $unsplashdata;
}
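Review bot: `strip_tags()` on the new `$unsplashdata->link` line is not sufficient sanitisation for a value that is presumably written into an `href` by one of the other changed files: it removes tags but leaves quote characters intact and places no restriction on the URL scheme. Since the value comes from the Unsplash API response, I would accept only http(s) URLs here, e.g. `$unsplashdata->link = preg_match('#^https?://#i', (string) $photo->links['html']) ? $photo->links['html'] : '';`, and escape at the point of output with `htmlspecialchars($link, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` unless the template layer already does so. The same care applies to `htmlentities($description)`: its default flags only cover single quotes from PHP 8.1 onward, so pass `ENT_QUOTES` explicitly, and confirm the template does not escape the value a second time. The enclosing method starts outside this hunk, so how `$description` is built is not visible here.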