From 09e47a5a8a23aa96ce26a61894d221494a5f25d9 Mon Sep 17 00:00:00 2001
From: lmarcouiller <lucas.marcouiller@gmail.com>
Date: Wed, 3 Aug 2022 14:27:58 +0200
Subject: [PATCH] Add DoS security on sanitizeVal() with img

---
 htdocs/core/lib/functions.lib.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index cf4b19d3aa6..5f9e1b7f4cc 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -923,6 +923,10 @@ function sanitizeVal($out = '', $check = 'alphanohtml', $filter = null, $options
 						// Remove the trick added to solve pb with text without parent tag
 						$out = preg_replace('/^<div class="tricktoremove">/', '', $out);
 						$out = preg_replace('/<\/div>$/', '', $out);
+						preg_match_all('/(<img)/', $out, $reg);
+						if (count($reg[0]) > (getDolGlobalInt("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT") ? getDolGlobalInt("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT") : 1000)) {
+							$out = '';
+						}
 					} catch (Exception $e) {
 						//print $e->getMessage();
 						return 'InvalidHTMLString';