pluck-cms / pluck

Central repo for pluck cms
http://www.pluck-cms.org

[vulnerability] xss or other vulns #77

Closed LLfam closed 5 years ago

LLfam commented 5 years ago

Hi! I think the regexp in function latinOnlyInput is incorrect. So I found an XSS in /data/inc/images.php line 42, and I think this problem may lead to other vulnerabilities. In a regexp, brackets have special meanings: [blank]-[underline] means blank to underline in ASCII.

BSteelooper commented 5 years ago

I ran it through the validator and you are correct. There is one character missing in the regexp. It should be: [^a-zA-Z0-9.\ -_]+ (notice the \ before the -)

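An added example, not code from the pluck project or from either commenter: it uses Python's re module (which treats these character classes the same way PCRE does) to list which characters each negated class actually keeps. The first two class shapes are the ones quoted in this thread; hyphen_last is an assumed alternative that puts the hyphen at the end of the class so it stays literal, and the sample filename is constructed.

```python
import re

# Negated character classes, as used in a preg_replace($pattern, '', $value)
# style filter. "reported" is the shape described for latinOnlyInput(),
# "proposed" is the fix suggested in the thread, "hyphen_last" is an assumed
# alternative where '-' cannot start a range because it is the last member.
PATTERNS = {
    "reported":    r"[^a-zA-Z0-9. -_]+",
    "proposed":    r"[^a-zA-Z0-9.\ -_]+",
    "hyphen_last": r"[^a-zA-Z0-9. _-]+",
}

# Printable ASCII, used to enumerate what each filter lets through.
ASCII_PRINTABLE = "".join(chr(c) for c in range(0x20, 0x7F))

# Characters with meaning in HTML/JS that a filename filter should not keep.
MARKUP_CHARS = "<>\"'/&=()"


def latin_only_input(value: str, pattern: str) -> str:
    """Python rendering of the PHP preg_replace(pattern, '', value) filter."""
    return re.sub(pattern, "", value)


def kept_characters(pattern: str) -> str:
    """Every printable ASCII character that survives the filter."""
    return latin_only_input(ASCII_PRINTABLE, pattern)


def markup_survivors(pattern: str) -> str:
    """Subset of MARKUP_CHARS that the filter fails to strip."""
    kept = kept_characters(pattern)
    return "".join(c for c in MARKUP_CHARS if c in kept)


if __name__ == "__main__":
    sample = 'my pic<tag attr="v">.png'  # constructed filename
    for name, pat in PATTERNS.items():
        print(f"{name:12} keeps {markup_survivors(pat)!r} -> "
              f"{latin_only_input(sample, pat)!r}")
```

The escaped space does not stop the hyphen from forming the range 0x20-0x5F, so only the class with the hyphen last (or written as \-) actually removes <, >, " and /.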
BSteelooper commented 5 years ago

I drafted a new dev release. Can you test this please? If correct, I can push to production.

https://github.com/pluck-cms/pluck/releases/tag/4.7.9-dev4 pluck-4.7.9-dev4.tar.gz

LLfam commented 5 years ago

Be careful in coding xD. If I find other vulns, I will tell u immediately.

BSteelooper commented 5 years ago

Thank you. I pushed it to production. All admins will get a notification to update when they log on.