Closed JamesColeman-AH closed 3 years ago
Hey Thomas McMahon,
I just wanted to share that the pdfjs/web/viewer.php file has a potential code injection problem. I would recommend changing the version outputs as follows:
<?php echo htmlentities($_GET["v"], ENT_QUOTES); ?>
Will be fixed in the next version. Thanks
Code has been patched. Let me know if you see any other issues.
Hey Thomas McMahon,
I just wanted to share that the pdfjs/web/viewer.php file has a potential code injection problem. I would recommend changing the version outputs as follows: