Dotclear


Timestamp:
12/05/16 14:30:56 (9 years ago)
Author:
franck <carnet.franck.paul@…>
Branch:
default
Message:

Prevents XSS injection in media title, closes #2224, thanks smarterbitbybit for report

File:
1 edited

  • admin/media_item.php

    r3434 r3440  
    117117          $newFile->relname = $newFile->basename; 
    118118     } 
    119      $newFile->media_title = $_POST['media_title']; 
     119     $newFile->media_title = html::escapeHTML($_POST['media_title']); 
    120120     $newFile->media_dt = strtotime($_POST['media_dt']); 
    121121     $newFile->media_dtstr = $_POST['media_dt']; 
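
Review bot: new line 119 escapes the title as it is read from the request rather than where it is printed, so $newFile->media_title now carries the entity-encoded form, and any view that already escapes the title on output would show double-encoded text such as &amp;amp;. Either escape at the point of output, or confirm that every place rendering media_title prints it as-is and that any other code path assigning media_title applies the same html::escapeHTML call. Two lines further down, `$newFile->media_dtstr = $_POST['media_dt'];` still copies the raw POST value; if media_dtstr is ever echoed back into the page it needs the same treatment, and it would help to reject the input when strtotime() on line 120 cannot parse it.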