Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2026-02-11 10:44:20 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix SECURITY ISSUE 1: File Attachments enables stored XSS (High).

Browse source 
Thanks to Siam Thanat Hack (STH) !
This commit is contained in:
Lauri Ojansivu 2025-11-02 08:36:29 +02:00
parent d64d2f9c42
commit e9a727301d
6 changed files with 361 additions and 83 deletions
Download patch file Download diff file Expand all files Collapse all files

2
models/avatars.js
View file

@ -44,7 +44,7 @@ if (Meteor.isServer) {
storagePath = path.join(process.env.WRITABLE_PATH || process.cwd(), 'avatars');
}
const fileStoreStrategyFactory = new FileStoreStrategyFactory(FileStoreStrategyFilesystem, storagePath, FileStoreStrategyGridFs, avatarsBucket);
export const fileStoreStrategyFactory = new FileStoreStrategyFactory(FileStoreStrategyFilesystem, storagePath, FileStoreStrategyGridFs, avatarsBucket);
Avatars = new FilesCollection({
debug: false, // Change to `true` for debugging