From 96673b23e65e0853cbf2867a94abf3973ebc06f9 Mon Sep 17 00:00:00 2001 From: Adrian Lang Date: Fri, 13 Jul 2012 12:07:51 +0200 Subject: Fix HTML injection in mediaFileList (Secunia advisory SA49196) --- inc/template.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/template.php') diff --git a/inc/template.php b/inc/template.php index 024bf985c..6dc6842cd 100644 --- a/inc/template.php +++ b/inc/template.php @@ -1151,7 +1151,7 @@ function tpl_mediaFileList(){ echo '
'.NL; echo '

'; $tabTitle = ($NS) ? $NS : '['.$lang['mediaroot'].']'; - printf($lang['media_' . $opened_tab], ''.$tabTitle.''); + printf($lang['media_' . $opened_tab], ''.hsc($tabTitle).''); echo '

'.NL; if ($opened_tab === 'search' || $opened_tab === 'files') { media_tab_files_options(); -- cgit v1.2.3