mirror of https://github.com/laurent22/joplin.git synced 2025-06-15 23:00:36 +02:00

All: Security: Fixed potential Arbitrary File Read via XSS

Laurent Cozic
2020-02-13 23:59:23 +00:00
parent 06d807d9ff
commit 3db47b575b
24 changed files with 434 additions and 95 deletions


@ -214,7 +214,7 @@ function shimInit() {
if (shim.isElectron()) {
const nativeImage = require('electron').nativeImage;
let image = nativeImage.createFromDataURL(imageDataUrl);
if (image.isEmpty()) throw new Error('Could not convert data URL to image'); // Would throw for example if the image format is no supported (eg. image/gif)
if (image.isEmpty()) throw new Error('Could not convert data URL to image - perhaps the format is not supported (eg. image/gif)'); // Would throw for example if the image format is no supported (eg. image/gif)
if (options.cropRect) {
// Crop rectangle values need to be rounded or the crop() call will fail
const c = options.cropRect;
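Review bot: The trailing comment on the new `throw` line now repeats what the error message itself says and still carries the typo "no supported", so it should be dropped or corrected. With the message reworded, the line can end at `throw new Error('Could not convert data URL to image - perhaps the format is not supported (eg. image/gif)');`. This hunk only changes the wording; the enclosing function starts and continues outside it, and nothing visible here touches the XSS or file-read handling named in the commit title.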