authorGravatar Inverle <inverle@proton.me> 2025-08-31 20:05:30 +0200
committerGravatar GitHub <noreply@github.com> 2025-08-31 20:05:30 +0200
commitc44bb029c015ab91808b06b8eb691240b7fc575d (patch)
tree10521ba8935917a134730d77bd150ccf00c627df /app/Models
parent87879e83927d66332d2d0794bc47eeb55f8c9b46 (diff)
Fix log CRLF injection (#7883)
* Fix log CRLF injection * empty -> space Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Diffstat (limited to 'app/Models')
-rw-r--r--app/Models/Log.php5
1 files changed, 5 insertions, 0 deletions
diff --git a/app/Models/Log.php b/app/Models/Log.php
index 7760e76ca..5d3ddbe16 100644
--- a/app/Models/Log.php
+++ b/app/Models/Log.php
@@ -4,6 +4,7 @@ declare(strict_types=1);
class FreshRSS_Log extends Minz_Model {
private string $date;
+ /** @property 'error'|'warning'|'notice'|'debug'|'info' $level */
private string $level;
private string $information;
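Review bot: The docblock added above `private string $level;` uses `@property`, which documents magic properties and belongs on a class docblock; on a declared property, static analysers read `@var`, so the literal-string union is probably not being enforced. Suggest `/** @var 'error'|'warning'|'notice'|'debug'|'info' */` instead. The class body continues outside the hunk.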
@@ -20,6 +21,10 @@ class FreshRSS_Log extends Minz_Model {
$this->date = $date;
}
public function _level(string $level): void {
+ if (!in_array($level, ['error', 'warning', 'notice', 'debug', 'info'], true)) {
+ $this->level = 'info';
+ return;
+ }
$this->level = $level;
}
public function _info(string $information): void {
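Review bot: The new guard in `_level()` constrains only the level field, while `_info()` just below (its body is outside the hunk) and the date setter above still accept arbitrary strings, so the message text stays injectable unless CR/LF is neutralised where the log line is written. This page is limited to app/Models, so that may be handled in another file of the commit; it is worth confirming. The allowlist is also spelled twice, in the docblock and in `in_array`; a `private const LEVELS = ['error', 'warning', 'notice', 'debug', 'info'];` checked with `in_array($level, self::LEVELS, true)` would keep the two in step. Coercing an unknown level silently to `'info'` also discards the signal that a malformed or forged entry was read, so a comment stating that this is intentional, or a distinct fallback, would help whoever triages the log.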