You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Looking at startseite/index.php, line 76, function icon():
Correct me if I'm wrong: you're checking if a certain SVG file exists and if it exists, you're trying to include the SVG code as a part of the resulting HTML doc.
IMHO, using "include" is a false friend here and too risky. You seem to trust your dev process and the content of the file - but there is no need to let the SVG code to be interpreted by the PHP preprocessor. That's a completely unnecessary risk.
If you trust the file content and if you want to live without further sanity checks, at least do not use "include" but rather something like "file_get_contents". Treat the file content as a string and insert it into the resulting html - but DON'T allow it to be interpreted ..
BTW: There is "promo" content in the code which is in the past.
Cheers, Jan
The text was updated successfully, but these errors were encountered:
Hi,
Looking at startseite/index.php, line 76, function icon():
Correct me if I'm wrong: you're checking if a certain SVG file exists and if it exists, you're trying to include the SVG code as a part of the resulting HTML doc.
IMHO, using "include" is a false friend here and too risky. You seem to trust your dev process and the content of the file - but there is no need to let the SVG code to be interpreted by the PHP preprocessor. That's a completely unnecessary risk.
If you trust the file content and if you want to live without further sanity checks, at least do not use "include" but rather something like "file_get_contents". Treat the file content as a string and insert it into the resulting html - but DON'T allow it to be interpreted ..
BTW: There is "promo" content in the code which is in the past.
Cheers, Jan
The text was updated successfully, but these errors were encountered: