Commit c98f205e authored by Adrian Lang's avatar Adrian Lang

Fix HTML injection in mediaFileList (Secunia advisory SA49196)

parent c28bd545
...@@ -1170,7 +1170,7 @@ function tpl_mediaFileList(){ ...@@ -1170,7 +1170,7 @@ function tpl_mediaFileList(){
echo '<div class="panelHeader">'.NL; echo '<div class="panelHeader">'.NL;
echo '<h3>'; echo '<h3>';
$tabTitle = ($NS) ? $NS : '['.$lang['mediaroot'].']'; $tabTitle = ($NS) ? $NS : '['.$lang['mediaroot'].']';
printf($lang['media_' . $opened_tab], '<strong>'.$tabTitle.'</strong>'); printf($lang['media_' . $opened_tab], '<strong>'.hsc($tabTitle).'</strong>');
echo '</h3>'.NL; echo '</h3>'.NL;
if ($opened_tab === 'search' || $opened_tab === 'files') { if ($opened_tab === 'search' || $opened_tab === 'files') {
media_tab_files_options(); media_tab_files_options();
......
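Review bot: The `hsc()` added around `$tabTitle` in the `printf` call has no comment explaining why it is there, so a later cleanup could drop it as redundant. The ajax handler on this page shows `$NS` being filled from `$_POST['ns']`, so I would add `// $NS may originate from the request; escape it before wrapping it in <strong>` above the `printf` line. Separately, the format string `$lang['media_' . $opened_tab]` is looked up with a key whose origin is not visible in this hunk; if `$opened_tab` can be influenced by the request, a check that the key exists in `$lang` would be worth adding. The body of tpl_mediaFileList starts and ends outside the hunk.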
...@@ -13,7 +13,6 @@ session_write_close(); ...@@ -13,7 +13,6 @@ session_write_close();
header('Content-Type: text/html; charset=utf-8'); header('Content-Type: text/html; charset=utf-8');
//call the requested function //call the requested function
if(isset($_POST['call'])){ if(isset($_POST['call'])){
$call = $_POST['call']; $call = $_POST['call'];
...@@ -204,7 +203,7 @@ function ajax_medialist(){ ...@@ -204,7 +203,7 @@ function ajax_medialist(){
global $conf; global $conf;
global $NS; global $NS;
$NS = $_POST['ns']; $NS = cleanID($_POST['ns']);
if ($_POST['do'] == 'media') { if ($_POST['do'] == 'media') {
tpl_mediaFileList(); tpl_mediaFileList();
} else { } else {
......
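Review bot: `$_POST['ns']` is handed to `cleanID()` in ajax_medialist without checking that the parameter is present, and `$_POST['do']` on the next line is compared the same way. A request that omits either field raises an undefined-index notice, which may end up in the response depending on the error display settings. Reading the value defensively, e.g. `$NS = cleanID(isset($_POST['ns']) ? $_POST['ns'] : '');`, keeps the handler quiet for malformed requests. The else branch continues outside the hunk, so whether the other request fields it uses receive the same normalisation cannot be judged from here.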