Dotclear


Timestamp: 12/05/16 14:30:56 (9 years ago)
Author: franck <carnet.franck.paul@…>
Branch: 2.10
source: 5536ac77e915c6f888796188185621effac42e6d
Message:

Prevents XSS injection in media title, closes #2224, thanks smarterbitbybit for report

File:
1 edited

  • admin/media.php

    r3295 r3441  
    276276               files::uploadStatus($upfile); 
    277277 
    278                $f_title = (isset($_POST['upfiletitle']) ? $_POST['upfiletitle'] : ''); 
     278               $f_title = (isset($_POST['upfiletitle']) ? html::escapeHTML($_POST['upfiletitle']) : ''); 
    279279               $f_private = (isset($_POST['upfilepriv']) ? $_POST['upfilepriv'] : false); 
    280280 
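Review bot: on new line 278 the title is HTML-escaped at the moment it is read from $_POST, so every later use of $f_title carries the encoded form. If that value is stored and then escaped again when rendered, entities will be double-encoded (a title containing & would display as &amp;). The fix also protects only this upload path; any other code that sets a media title would need the same treatment. Consider keeping the raw value here and calling html::escapeHTML() where the title is written into HTML, or add a comment on this line stating that $f_title is already escaped from here on. Separately, line 279 still takes $_POST['upfilepriv'] unmodified; if it is only ever used as a flag, coercing it to a boolean at this point would make that explicit.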