“XSS filter and file uploads” – Forum Thread – Discuss – Symphony.

1 users online. Create an account or sign in to join them.Users

XSS filter and file uploads

This is an open discussion with 1 reply, filed under General.

Search

You are looking at page 1 of 1

- vladG
- 12 Jan 12, 9:52 pm
- Comment #1

It's the first time I put an upload field in a frontend form and if I have the XSS filter attached to my event, it fails on validation:

array
    'name' => string 'sistem_v2.txt' (length=13)
    'type' => string 'text/plain' (length=10)
    'tmp_name' => string '[..]\tmp\php1A4.tmp' (length=53)
    'error' => int 0
    'size' => int 951

As you can see, values for error and size are integers and XSS filter fails if value is of type int.

How do you bypass this issue?

- brendo
- 12 Jan 12, 11:10 pm
- Comment #2

That's a bug. It's actually already in the issue tracker too so hopefully I/someone will get to it soon.

Create an account or sign in to comment.

Quick Links

Contact the team

Symphony • Open Source XSLT CMS

Server Requirements

PHP 5.2 or above
PHP's LibXML module, with the XSLT extension enabled (--with-xsl)
MySQL 5.0 or above
An Apache or Litespeed webserver
Apache's mod_rewrite module or equivalent

Compatible Hosts

Create Account

Sign in