mirror of https://github.com/MISP/MISP
fix: [security] rest client additional sanitisation for non json responses
- escape non json response bodies - as reported by Nils Putnins from NCIA NCSC
pull/9764/head
parent
09a43870e7
commit
f08a2eaec2
|
@ -648,6 +648,9 @@ class RestResponseComponent extends Component
|
|||
} else {
|
||||
$prettyPrint = !$this->isAutomaticTool(); // Do not pretty print response for automatic tools
|
||||
$response = JsonTool::encode($response, $prettyPrint);
|
||||
if ($format !== 'json') {
|
||||
$response = h($response);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if ($dumpSql) {
|
||||
|
@ -669,7 +672,6 @@ class RestResponseComponent extends Component
|
|||
$tmpFile->writeWithSeparator($response, null);
|
||||
$response = $tmpFile;
|
||||
}
|
||||
|
||||
if ($response instanceof TmpFileTool) {
|
||||
$requestEtag = $this->requestEtag();
|
||||
if ($requestEtag !== null) {
|
||||
|
|
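Review bot: The new `if ($format !== 'json')` guard in the first hunk has no comment saying why an already JSON-encoded body is passed through `h()`, so a later refactor could remove it without realising it is an output-escaping defence; a line such as `// Non-JSON formats may be rendered by a browser: HTML-escape the encoded body so reflected values cannot become markup` above the `if` would record the intent. The guard is an exact, case-sensitive comparison with `'json'`, so it is worth confirming that `$format` is normalised before this point, otherwise a variant spelling would yield an escaped body that JSON clients can no longer parse. `h()` covers only the HTML context; the response Content-Type and an `X-Content-Type-Options: nosniff` header are the complementary controls, and they are set outside the visible lines, as is the rest of the enclosing method. A regression test that sends a markup-bearing value through a non-JSON format and asserts the escaped output would guard against this fix being lost.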