fixes #1168 prevent XSS on pwg.images.setInfo

2026-06-02 04:15:05 +02:00 · 2020-03-24 14:07:49 +01:00
parent e21ef06e3d
commit 1e23ed84d3
1 changed files with 6 additions and 1 deletions
@@ -1674,7 +1674,12 @@ SELECT *
        );
    }

-    $update['file'] = $params['file'];
+    // prevent XSS, remove HTML tags
+    $update['file'] = strip_tags($params['file']);
+    if (empty($update['file']))
+    {
+      unset($update['file']);
+    }
  }

  if (count(array_keys($update)) > 0)