authorAdrian Lang <mail@adrianlang.de>2012-07-13 12:07:51 +0200
committerAdrian Lang <mail@adrianlang.de>2012-07-13 12:15:34 +0200
commitc98f205e8a6265654072c7d3fea952552837b819 (patch)
tree98c3dc6199b1b77372eec687b0acc323a9489029
parentc28bd545c49f47ef788a97cd7218701fca4d8681 (diff)
Fix HTML injection in mediaFileList (Secunia advisory SA49196)
-rw-r--r--inc/template.php2
-rw-r--r--lib/exe/ajax.php3
2 files changed, 2 insertions, 3 deletions
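diff --git a/inc/template.php b/inc/template.php
index 76d4d4bbe..040d99d32 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -1170,7 +1170,7 @@ function tpl_mediaFileList(){
 echo '<div class="panelHeader">'.NL;
 echo '<h3>';
 $tabTitle = ($NS) ? $NS : '['.$lang['mediaroot'].']';
- printf($lang['media_' . $opened_tab], '<strong>'.$tabTitle.'</strong>');
+ printf($lang['media_' . $opened_tab], '<strong>'.hsc($tabTitle).'</strong>');
 echo '</h3>'.NL;
 if ($opened_tab === 'search' || $opened_tab === 'files') {
 media_tab_files_options();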
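Review bot: The new hsc() call escapes $tabTitle where it is interpolated into markup, which is the right layer for the fix, but nothing in the hunk records why the escape is there, so a later refactor could drop it; a one-line comment above the printf such as `// $NS may be request-derived (see ajax_medialist): escape before building the <strong> markup` would anchor it. The cleanID() applied to $_POST['ns'] in lib/exe/ajax.php appears to normalise the namespace rather than HTML-escape it, so the two changes are complementary and this hsc() must stay even with the input cleaned. The ternary on the preceding line tests $NS by truthiness, so a namespace literally named '0' would be shown as the media root; if $NS is always a string here, `$tabTitle = ($NS !== '') ? $NS : '['.$lang['mediaroot'].']';` would be exact, though that type is not visible in the hunk. tpl_mediaFileList begins and ends outside the hunk.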
diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php
index 3d1584244..945091f34 100644
--- a/lib/exe/ajax.php
+++ b/lib/exe/ajax.php
@@ -13,7 +13,6 @@ session_write_close();
header('Content-Type: text/html; charset=utf-8');
-
//call the requested function
if(isset($_POST['call'])){
$call = $_POST['call'];
@@ -204,7 +203,7 @@ function ajax_medialist(){
global $conf;
global $NS;
- $NS = $_POST['ns'];
+ $NS = cleanID($_POST['ns']);
if ($_POST['do'] == 'media') {
tpl_mediaFileList();
} else {