diff options
| author | Adrian Lang <mail@adrianlang.de> | 2012-07-13 12:07:51 +0200 |
|---|---|---|
| committer | Adrian Lang <mail@adrianlang.de> | 2012-07-13 12:15:34 +0200 |
| commit | c98f205e8a6265654072c7d3fea952552837b819 (patch) | |
| tree | 98c3dc6199b1b77372eec687b0acc323a9489029 /lib/exe/ajax.php | |
| parent | c28bd545c49f47ef788a97cd7218701fca4d8681 (diff) | |
| download | rpg-c98f205e8a6265654072c7d3fea952552837b819.tar.gz rpg-c98f205e8a6265654072c7d3fea952552837b819.tar.bz2 | |
Fix HTML injection in mediaFileList (Secunia advisory SA49196)
Diffstat (limited to 'lib/exe/ajax.php')
| -rw-r--r-- | lib/exe/ajax.php | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php index 3d1584244..945091f34 100644 --- a/lib/exe/ajax.php +++ b/lib/exe/ajax.php @@ -13,7 +13,6 @@ session_write_close(); header('Content-Type: text/html; charset=utf-8'); - //call the requested function if(isset($_POST['call'])){ $call = $_POST['call']; @@ -204,7 +203,7 @@ function ajax_medialist(){ global $conf; global $NS; - $NS = $_POST['ns']; + $NS = cleanID($_POST['ns']); if ($_POST['do'] == 'media') { tpl_mediaFileList(); } else { |