[vulnerability] xss or other vulns
LLfam opened this issue · comments
Hi! I think the regexp in the function latinOnlyInput is incorrect. So I found an XSS in /data/inc/images.php line 42, and I think this problem may lead to other vulnerabilities.
In a regexp, brackets have special meanings. [blank]-[underline] means blank to underline in ASCII.
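The range problem described above, shown as an added example that is not code from the pluck project or from the reporter. The actual pattern in latinOnlyInput is not quoted in this issue, so the `BUGGY_CLASS` below is a hypothetical character class that reproduces the same mistake: a hyphen sitting between a space and an underscore, which the engine reads as the ASCII range 0x20..0x5F rather than as a literal hyphen. Character-class semantics are the same in Python's `re` and in PCRE, so the behaviour carries over to `preg_match` in PHP.

```python
import re
import string

# Hypothetical pattern with the bug: ' -_' inside the class is the range
# from space (0x20) to underscore (0x5F), which silently admits
# < > " ' / ? and every other punctuation character in that range.
BUGGY_CLASS = r"[a-zA-Z0-9 -_]"

# Corrected pattern: the hyphen is escaped so it matches only itself.
# Placing it first or last in the class ([-a-zA-Z0-9 _]) works as well.
FIXED_CLASS = r"[a-zA-Z0-9 \-_]"

# The set of characters a "latin only" input filter is meant to allow
# (assumption for this example: letters, digits, space, hyphen, underscore).
INTENDED = set(string.ascii_letters + string.digits + " -_")


def latin_only_input(value: str, char_class: str = FIXED_CLASS) -> bool:
    """Return True when every character of value is accepted by char_class."""
    return re.fullmatch(f"{char_class}*", value) is not None


def unintended_chars(char_class: str) -> str:
    """Printable ASCII characters the class accepts but the filter never meant to.

    Walking the whole printable range is a cheap way to audit a character
    class: an empty result means the class matches exactly its intent.
    """
    return "".join(
        chr(c)
        for c in range(0x20, 0x7F)
        if chr(c) not in INTENDED and re.fullmatch(char_class, chr(c))
    )


if __name__ == "__main__":
    # Constructed sample inputs: a harmless file name and a tag-bearing string.
    for sample in ("my-file_1", "<b>x</b>"):
        print(f"{sample!r:12} buggy={latin_only_input(sample, BUGGY_CLASS)} "
              f"fixed={latin_only_input(sample, FIXED_CLASS)}")
    print("characters the buggy class lets through:", unintended_chars(BUGGY_CLASS))
    print("characters the fixed class lets through:", repr(unintended_chars(FIXED_CLASS)))
```

Running `unintended_chars` against a pattern before shipping it is a quick regression check for this class of mistake: any filter that is supposed to reject markup should yield an empty string there.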
I drafted a new dev release. Can you test this, please? If correct, I can push it to production.
https://github.com/pluck-cms/pluck/releases/tag/4.7.9-dev4
pluck-4.7.9-dev4.tar.gz
Be careful in coding xD. If I find other vulns, I will tell you immediately.
Thank you. I pushed it to production. All admins will get a notification to update when they log on.