This repository has been archived by the owner on Jul 27, 2023. It is now read-only.

The content of a textinput field is executable #40

Open

albertborsos opened this issue Jan 6, 2022 · 0 comments

albertborsos commented Jan 6, 2022

This line is pretty dangerous. Try to update a value to phpinfo in a textinput editable field, and refresh the page.

yii2-editable-widget/src/Editable.php

Line 105 in 8de9559

} elseif (is_callable($value)) {

The text was updated successfully, but these errors were encountered:

albertborsos mentioned this issue

remove call_user_func() method usage #41

Open

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.