iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-03-28 17:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixes #600, avoid html in web uploaded filenames

Browse Source
This commit is contained in:
plegall
2017-01-27 11:13:00 +01:00
parent 746c796d9d
commit 6ec3f2d0fa
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
action.php
View File

@@ -216,7 +216,7 @@ $http_headers[] = 'Content-Type: '.$ctype;
if (isset($_GET['download']))
{
$http_headers[] = 'Content-Disposition: attachment; filename="'.$element_info['file'].'";';
$http_headers[] = 'Content-Disposition: attachment; filename="'.htmlspecialchars_decode($element_info['file']).'";';
$http_headers[] = 'Content-Transfer-Encoding: binary';
}
else

5
admin/include/functions_upload.inc.php
View File

@@ -161,6 +161,11 @@ function add_uploaded_file($source_filepath, $original_filename=null, $categorie
global $conf, $user;
if (!is_null($original_filename))
{
$original_filename = htmlspecialchars($original_filename);
}
if (isset($original_md5sum))
{
$md5sum = $original_md5sum;