From c8731113a1adc05a10d233bd2dd22384cb6ca289 Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@enhancesoft.com>
Date: Wed, 22 Aug 2018 02:19:25 +0000
Subject: [PATCH] oops:  htmlchar filename

---
 include/class.forms.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/class.forms.php b/include/class.forms.php
index 5022a8ce2..7d7c585e9 100644
--- a/include/class.forms.php
+++ b/include/class.forms.php
@@ -4605,7 +4605,7 @@ class FreeTextWidget extends Widget {
             <section class="freetext-files">
             <div class="title"><?php echo __('Related Resources'); ?></div>
             <?php foreach ($attachments->all() as $attach) {
-                $filename = $attach->getFilename();
+                $filename = Format::htmlchars($attach->getFilename());
                 ?>
                 <div class="file">
                 <a href="<?php echo $attach->file->getDownloadUrl(); ?>"
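Review bot: The `href` on the last context line still echoes `$attach->file->getDownloadUrl()` unescaped into a double-quoted attribute, in the same loop where the filename now gets encoded. If that URL can carry attachment-derived data (not visible here), it needs the same treatment, e.g. `<a href="<?php echo Format::htmlchars($attach->file->getDownloadUrl()); ?>"`. Separately, encoding at assignment means every later use of `$filename` in the loop body receives HTML-encoded text, so a short comment such as `// HTML-escaped: use only in HTML text/attribute context` would guard against reuse in a URL or script context. The `foreach` body continues past the hunk, so how `$filename` is emitted further down should be confirmed against the full file.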
-- 
GitLab