From c98f205e8a6265654072c7d3fea952552837b819 Mon Sep 17 00:00:00 2001
From: Adrian Lang <mail@adrianlang.de>
Date: Fri, 13 Jul 2012 12:07:51 +0200
Subject: Fix HTML injection in mediaFileList (Secunia advisory SA49196)

---
 lib/exe/ajax.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'lib/exe')

diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php
index 3d1584244..945091f34 100644
--- a/lib/exe/ajax.php
+++ b/lib/exe/ajax.php
@@ -13,7 +13,6 @@ session_write_close();
 
 header('Content-Type: text/html; charset=utf-8');
 
-
 //call the requested function
 if(isset($_POST['call'])){
     $call = $_POST['call'];
@@ -204,7 +203,7 @@ function ajax_medialist(){
     global $conf;
     global $NS;
 
-    $NS = $_POST['ns'];
+    $NS = cleanID($_POST['ns']);
     if ($_POST['do'] == 'media') {
         tpl_mediaFileList();
     } else {
-- 
cgit v1.2.3