From d6faec76d79f5d1e536bd90a5722d5b1103148a4 Mon Sep 17 00:00:00 2001
From: miguel angel rasteu
Date: Tue, 26 Sep 2023 09:57:39 +0200
Subject: [PATCH] #12121 Clear html tag characters to prevent XSS attacks
---
 pandora_console/godmode/setup/file_manager.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/pandora_console/godmode/setup/file_manager.php b/pandora_console/godmode/setup/file_manager.php
index cfcf3c0827..211af66cb7 100644
--- a/pandora_console/godmode/setup/file_manager.php
+++ b/pandora_console/godmode/setup/file_manager.php
@@ -71,6 +71,8 @@ if (isset($config['filemanager']['message']) === true) {
 $fallback_directory = 'images';
 // Get directory.
 $directory = (string) get_parameter('directory');
+$directory = str_replace('<', '', $text);
+$directory = str_replace('>', '', $text);
 if (empty($directory) === true) {
 $directory = $fallback_directory;
 } else {
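Review bot: Both added `str_replace` calls read `$text`, which is not defined anywhere in the visible hunk, and the second call discards the result of the first. Unless `$text` is set earlier in the file, `$directory` ends up as an empty string, so `empty($directory)` is always true and the requested directory is silently replaced by `$fallback_directory`. The filter should operate on the value just read, e.g. `$directory = str_replace(['<', '>'], '', $directory);`. Removing only `<` and `>` is also a narrow denylist that leaves quote characters intact, so the value should still be encoded at the point of output with `htmlspecialchars($directory, ENT_QUOTES, 'UTF-8')` rather than relying on this strip alone. The `if`/`else` block continues outside the hunk, so how `$directory` is used afterwards cannot be confirmed from here.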