From 989251374467e3afc0934afd4d5311c241de7cf4 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Wed, 21 Feb 2024 22:14:05 -0500 Subject: [PATCH] Prevent pass-through for attachments - This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload --- src/Module/Attach.php | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/Module/Attach.php b/src/Module/Attach.php index 7d877c1265..a339b381c5 100644 --- a/src/Module/Attach.php +++ b/src/Module/Attach.php @@ -65,11 +65,7 @@ class Attach extends BaseModule // error in Chrome for filenames with commas in them header('Content-type: ' . $item['filetype']); header('Content-length: ' . $item['filesize']); - if (isset($_GET['attachment']) && $_GET['attachment'] === '0') { - header('Content-disposition: filename="' . $item['filename'] . '"'); - } else { - header('Content-disposition: attachment; filename="' . $item['filename'] . '"'); - } + header('Content-disposition: attachment; filename="' . $item['filename'] . '"'); echo $data; System::exit();