TwisterMc / pdfjs-viewer-shortcode

A WordPress plugin for embedding PDFs using Mozilla's excellent PDF.js
https://wordpress.org/plugins/pdfjs-viewer-shortcode/
Apache License 2.0
7 stars 5 forks

Potential code injection problem #10

Closed JamesColeman-AH closed 3 years ago

JamesColeman-AH commented 3 years ago

Hey Thomas McMahon,

I just wanted to share that the pdfjs/web/viewer.php file has a potential code injection problem. I would recommend changing the version outputs as follows:

<?php echo htmlentities($_GET["v"], ENT_QUOTES); ?>

TwisterMc commented 3 years ago

Will be fixed in the next version. Thanks

TwisterMc commented 3 years ago

Code has been patched. Let me know if you see any other issues.
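As an added illustration of the fix recommended in this issue (not code from the plugin or from either commenter), the sketch below encodes the `v` query parameter with `htmlentities(..., ENT_QUOTES)` and compares that with a stricter allowlist. The helper names, the assumed version format and the sample inputs are hypothetical and constructed for the example.

```php
<?php
// Added example: hypothetical helpers, not code from pdfjs-viewer-shortcode.

// Encode a value for HTML text or a quoted attribute. ENT_QUOTES also encodes
// single quotes, so the result stays inside both '...' and "..." attributes.
function encode_version(string $raw): string
{
    return htmlentities($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Stricter option (assumption: versions look like "2.0.1" or "1.5.188-beta").
// Anything else is replaced with a fixed fallback instead of being echoed back.
function allowlisted_version(string $raw, string $fallback = '0'): string
{
    return preg_match('/\A[0-9A-Za-z][0-9A-Za-z._-]{0,31}\z/', $raw) === 1
        ? $raw
        : $fallback;
}

// Read "v" defensively: it may be absent, or an array when sent as ?v[]=x,
// and htmlentities() does not accept an array.
function version_param(array $query): string
{
    $v = $query['v'] ?? '';
    return is_string($v) ? $v : '';
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['v' => '2.0.1'],                 // ordinary version string
    ['v' => "1' onload='x"],          // contains single quotes
    ['v' => '1"><b>injected</b>'],    // contains double quote and markup
    ['v' => ['nested']],              // array instead of string
    [],                               // parameter absent
];

foreach ($samples as $query) {
    $raw = version_param($query);
    printf(
        "raw=%-24s encoded=%-46s allowlisted=%s\n",
        json_encode($raw, JSON_UNESCAPED_SLASHES),
        encode_version($raw),
        allowlisted_version($raw)
    );
}
```

Encoding keeps the original value visible but inert in HTML text and quoted attributes; the allowlist goes further and never reflects unexpected input at all.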