mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-22 16:31:53 +00:00
Code Releases Activity

Prevent image crash attacks.

Browse Source 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@268 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2006-08-15 22:53:12 +00:00
parent 52c598730e
commit 38e0485fcd
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
library/HTMLPurifier/AttrDef/Pixels.php
View File

@ -19,7 +19,11 @@ class HTMLPurifier_AttrDef_Pixels extends HTMLPurifier_AttrDef
if ($int < 0) return '0';
// could use some upper-bound checking
// upper-bound value, extremely high values can
// crash operating systems, see <http://ha.ckers.org/imagecrash.html>
// WARNING, above link WILL crash you if you're using Windows
if ($int > 1200) return '1200';
return (string) $int;