Clientbase
/
PHPWord
mirror of https://github.com/basemaster/PHPWord.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1338 from pcworld/image-security-doc 

Improve security-related documentation of addImage and addHtml
This commit is contained in:
troosan 2018-04-13 22:36:18 +02:00 committed by GitHub
parent 9989e4e387 6253adaba1
commit 57ededeabf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/elements.rst
View File

@ -242,7 +242,7 @@ To add an image, use the ``addImage`` method to sections, headers, footers, text
$section->addImage($src, [$style]); $section->addImage($src, [$style]);
- ``$src``. String path to a local image, URL of a remote image or the image data, as a string. - ``$src``. String path to a local image, URL of a remote image or the image data, as a string. Warning: Do not pass user-generated strings here, as that would allow an attacker to read arbitrary files or perform server-side request forgery by passing file paths or URLs instead of image data.
- ``$style``. See :ref:`image-style`. - ``$style``. See :ref:`image-style`.
Examples: Examples:

2
src/PhpWord/Shared/Html.php
View File

@ -37,6 +37,8 @@ class Html
* Add HTML parts. * Add HTML parts.
* *
* Note: $stylesheet parameter is removed to avoid PHPMD error for unused parameter * Note: $stylesheet parameter is removed to avoid PHPMD error for unused parameter
* Warning: Do not pass user-generated HTML here, as that would allow an attacker to read arbitrary
* files or perform server-side request forgery by passing local file paths or URLs in <img>.
* *
* @param \PhpOffice\PhpWord\Element\AbstractContainer $element Where the parts need to be added * @param \PhpOffice\PhpWord\Element\AbstractContainer $element Where the parts need to be added
* @param string $html The code to parse * @param string $html The code to parse