Skip to content

Commit

Permalink
vulnerability fix using htmlspecialchars - issue #32
Browse files Browse the repository at this point in the history
  • Loading branch information
@MaestroError
MaestroError committed Feb 9, 2024
1 parent 1d307ee commit 7d523fb
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/HeicToJpg.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -185,6 +185,7 @@ public function checkOS($forceArm = false) {
* @return void
*/
protected function processImage(string $source) {
$source = htmlspecialchars($source);
$this->heic = $source;
$newFileName = $source . "-" . uniqid(rand(), true);
$exeName = $this->exeName;
Expand Down Expand Up @@ -316,7 +317,7 @@ public static function convert(string $source, string $converterPath = "", $forc
return (new self)
->checkOS($forceArm)
->setConverterLocation($converterPath)
->convertImage(htmlspecialchars($source));
->convertImage($source);
}

public static function convertOnMac(string $source, string $arch = "amd64", string $converterPath = "")
Expand Down
Binary file added tests/Unit/images/;whoami;#.heic
View file
Binary file not shown.

0 comments on commit 7d523fb

Please sign in to comment.