Commit bd427cdf authored by JediKev

issue: Format File Name

This formats the filename before using it in an error to avoid chance of
XSS.
parent 88f97b55
Tags v1.9.0
......@@ -93,7 +93,7 @@ class TicketApiController extends ApiController {
catch (FileUploadError $ex) {
$name = $file['name'];
$file = array();
$file['error'] = $name . ': ' . $ex->getMessage();
$file['error'] = Format::htmlchars($name) . ': ' . $ex->getMessage();
}
}
unset($file);
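Review bot: In the catch block, only `$name` goes through `Format::htmlchars()`, while `$ex->getMessage()` is still concatenated into `$file['error']` unencoded. If a FileUploadError message can ever contain request-derived text (the submitted file name, type or size), that text reaches the same output without encoding. Either encode the whole composed string, or confirm that FileUploadError messages are fixed strings and say so in a comment. Because the encoding is applied where the error is stored rather than where it is rendered, a one-line comment stating that `$file['error']` holds HTML-encoded text would also help later callers avoid double-encoding it or emitting entities such as `&lt;` in a non-HTML response.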
......
......@@ -847,7 +847,7 @@ class MailFetcher {
catch (FileUploadError $ex) {
$name = $file['name'];
$file = array();
$file['error'] = $name . ': ' . $ex->getMessage();
$file['error'] = Format::htmlchars($name) . ': ' . $ex->getMessage();
}
$vars['attachments'][] = $file;
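Review bot: The catch block here in MailFetcher is a line-for-line copy of the one in TicketApiController, fix included, so the encoding rule now lives in two places and a later change can easily land in only one of them. Consider building the error entry in one shared helper that both call sites use, so `Format::htmlchars($name) . ': ' . $ex->getMessage()` is written once. Since the entry is appended to `$vars['attachments'][]` and used later, a regression test that feeds an attachment whose name contains `<` and `"` and asserts that the stored error holds the encoded form would keep both paths covered.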
......