author | Harald Eilertsen <haraldei@anduin.net> | 2024-09-28 14:47:41 +0200 |
---|---|---|
committer | Harald Eilertsen <haraldei@anduin.net> | 2024-09-28 15:07:23 +0200 |
commit | 4dff1a1e5b6d1117cf3a8ad9924d38fb7d01b687 (patch) | |
tree | fad2b149f74383897841db0e8e749fd7ea9c95ba /vendor/chillerlan/php-qrcode/examples/html.php | |
parent | c12ef4fbf4b2046e0af68b11e8fe5af2d335f32e (diff) | |
download | volse-hubzilla-4dff1a1e5b6d1117cf3a8ad9924d38fb7d01b687.tar.gz volse-hubzilla-4dff1a1e5b6d1117cf3a8ad9924d38fb7d01b687.tar.bz2 volse-hubzilla-4dff1a1e5b6d1117cf3a8ad9924d38fb7d01b687.zip |
deps: Upgrade smarty/smarty to version 4.5.4
This eliminates a potential vulnerability where a template author could
inject arbitrary PHP files to be run via the 'extends' tag.
See:
- https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w
- https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a
Impact assessment:
In our case I would consider this a low severity issue as we don't
allow users to dynamically add or edit smarty templates. Templates have
to be updated via merge requests, or by installing a theme. In both
cases a malicious attacker already has easier ways to inject whatever
code they want.
Further, the 'extends' tag is not in use in any of our core templates.
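The impact assessment above rests on two checkable facts: the vendored smarty/smarty is at or above the fixed release (4.5.4), and none of the project's own templates use the {extends} tag. The script below is an added example for turning that reasoning into a repeatable check; it is not part of this commit or of Hubzilla's tooling. It assumes the Smarty version is recorded in a Composer-style composer.lock and that templates live under a view/tpl directory with a .tpl extension; both paths and the sample fixtures it builds are constructed for the example.

```shell
#!/bin/sh
# Added example, not Hubzilla's own code: assess exposure to the Smarty
# 'extends' issue the way the commit message reasons about it.
#   1. Is the locked smarty/smarty version >= 4.5.4 (the fixed release)?
#   2. If not, do any of the project's own templates use {extends ...}?
# composer.lock location, view/tpl and the *.tpl extension are assumptions.
set -eu

FIXED_VERSION="4.5.4"

# Print the locked smarty/smarty version from a composer.lock, stripping the
# leading "v" that Composer keeps from the upstream git tag.
smarty_version() {
    awk '
        /"name": "smarty\/smarty"/ { in_pkg = 1 }
        in_pkg && /"version":/ { gsub(/[",v]/, "", $2); print $2; exit }
    ' "$1"
}

# version_ge A B: succeed when dotted version A >= B, comparing each
# component numerically (sort -V is GNU-only, so sort on the fields instead).
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$2" ]
}

# List template files under a directory that carry an {extends ...} tag.
# grep exits 1 when nothing matches; that is not an error here.
extends_users() {
    grep -rlE '\{extends[[:space:]]' --include='*.tpl' "$1" || true
}

# Verdict: "patched" (Smarty already fixed), "unused" (old Smarty but the
# tag is not used anywhere), or "exposed" (old Smarty and the tag is used).
assess() {
    ver=$(smarty_version "$1")
    if version_ge "$ver" "$FIXED_VERSION"; then
        echo patched
    elif [ -z "$(extends_users "$2")" ]; then
        echo unused
    else
        echo exposed
    fi
}

# Build a constructed checkout fixture: composer.lock pinning smarty/smarty
# to $2, and one or two templates under view/tpl ($3 = yes adds an extends user).
make_fixture() {
    mkdir -p "$1/view/tpl"
    cat > "$1/composer.lock" <<EOF
{
    "packages": [
        {
            "name": "smarty/smarty",
            "version": "v$2"
        }
    ]
}
EOF
    printf '<h1>{$title}</h1>\n' > "$1/view/tpl/plain.tpl"
    if [ "$3" = yes ]; then
        printf '{extends file="layout.tpl"}\n{block name=body}hi{/block}\n' \
            > "$1/view/tpl/child.tpl"
    fi
}

# Demo on constructed fixtures: the pre-upgrade and post-upgrade situations.
work=$(mktemp -d)
make_fixture "$work/before" 4.5.3 yes
make_fixture "$work/after"  4.5.4 yes
echo "smarty 4.5.3, extends in use: $(assess "$work/before/composer.lock" "$work/before/view/tpl")"
echo "smarty 4.5.4, extends in use: $(assess "$work/after/composer.lock"  "$work/after/view/tpl")"
rm -rf "$work"
```

Run it from a checkout, pointing assess at the real composer.lock and template directory, to confirm both halves of the argument (fixed version, and no extends usage) hold after the upgrade and after any theme is installed, since themes ship their own templates.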
Diffstat (limited to 'vendor/chillerlan/php-qrcode/examples/html.php')
0 files changed, 0 insertions, 0 deletions