Changeset 3295:40d0207e520d

Timestamp:

08/01/16 15:31:14 (9 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

default

Message:

Fix reflected XSS vulnerabilities in media manager, thanks Chen Ruiqi for report

File:

• admin/media.php (modified) (2 diffs)

admin/media.php

@@ -32 +32 @@
 
 // Attachement type if any
-$link_type = !empty($_REQUEST['link_type']) ? $_REQUEST['link_type'] : null;
+$link_type = !empty($_REQUEST['link_type']) ? html::escapeHTML($_REQUEST['link_type']) : null;
 
 $page = !empty($_GET['page']) ? max(1,(integer) $_GET['page']) : 1;
@@ -60 +60 @@
 
 # Get query if any
-$q = isset($_REQUEST['q']) ? $_REQUEST['q'] : null;
+$q = isset($_REQUEST['q']) ? html::escapeHTML($_REQUEST['q']) : null;
 
 # Sort combo