Fix HTML injection in mediaFileList (Secunia advisory SA49196)

author: Adrian Lang <mail@adrianlang.de> 2012-07-13 12:07:51 +0200
committer: Adrian Lang <mail@adrianlang.de> 2012-07-13 12:15:48 +0200
commit: 96673b23e65e0853cbf2867a94abf3973ebc06f9 (patch)
tree: 9c896ddaf865848c69dd80a3d397ba9d0ea33783 /inc
parent: c0c314bf9821b3735d341bbf9d7977815bf83de2 (diff)
download: rpg-96673b23e65e0853cbf2867a94abf3973ebc06f9.tar.gz
rpg-96673b23e65e0853cbf2867a94abf3973ebc06f9.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/inc/template.php b/inc/template.php
index 024bf985c..6dc6842cd 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -1151,7 +1151,7 @@ function tpl_mediaFileList(){
     echo '<div class="panelHeader">'.NL;
     echo '<h3>';
     $tabTitle = ($NS) ? $NS : '['.$lang['mediaroot'].']';
-    printf($lang['media_' . $opened_tab], '<strong>'.$tabTitle.'</strong>');
+    printf($lang['media_' . $opened_tab], '<strong>'.hsc($tabTitle).'</strong>');
     echo '</h3>'.NL;
     if ($opened_tab === 'search' || $opened_tab === 'files') {
         media_tab_files_options();
author	Adrian Lang <mail@adrianlang.de>	2012-07-13 12:07:51 +0200
committer	Adrian Lang <mail@adrianlang.de>	2012-07-13 12:15:48 +0200
commit	96673b23e65e0853cbf2867a94abf3973ebc06f9 (patch)
tree	9c896ddaf865848c69dd80a3d397ba9d0ea33783 /inc
parent	c0c314bf9821b3735d341bbf9d7977815bf83de2 (diff)
download	rpg-96673b23e65e0853cbf2867a94abf3973ebc06f9.tar.gz rpg-96673b23e65e0853cbf2867a94abf3973ebc06f9.tar.bz2