fixes #600, avoid html in web uploaded filenames

2026-06-02 04:15:05 +02:00 · 2017-01-27 11:13:00 +01:00
parent 746c796d9d
commit 6ec3f2d0fa
2 changed files with 6 additions and 1 deletions
@@ -161,6 +161,11 @@ function add_uploaded_file($source_filepath, $original_filename=null, $categorie

  global $conf, $user;

+  if (!is_null($original_filename))
+  {
+    $original_filename = htmlspecialchars($original_filename);
+  }
+
  if (isset($original_md5sum))
  {
    $md5sum = $original_md5sum;