Merge branch 'ent-12121-cve-2023-41814-xss-en-file-manager' into 'develop'

Ent 12121 cve 2023 41814 xss en file manager

See merge request artica/pandorafms!6499
Rafael Ameijeiras 2023-11-27 10:25:54 +00:00
commit cd8652f9e6
1 changed files with 2 additions and 0 deletions


@ -71,6 +71,8 @@ if (isset($config['filemanager']['message']) === true) {
$fallback_directory = 'images'; $fallback_directory = 'images';
// Get directory. // Get directory.
$directory = (string) get_parameter('directory'); $directory = (string) get_parameter('directory');
$directory = str_replace('<', '', $text);
$directory = str_replace('>', '', $text);
if (empty($directory) === true) { if (empty($directory) === true) {
$directory = $fallback_directory; $directory = $fallback_directory;
} else { } else {
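Review bot: Both added lines read from `$text`, which is not assigned anywhere in the visible hunk, and the second assignment overwrites the result of the first, so the value returned by `get_parameter('directory')` is discarded. If `$text` is undefined at this point, `$directory` ends up as an empty string and the code always takes the `$fallback_directory` branch, which would break directory navigation rather than sanitise it. The filter should operate on the variable itself in a single call, `$directory = str_replace(['<', '>'], '', $directory);`. Removing only angle brackets also leaves quote characters intact, so wherever `$directory` is later written into HTML (not visible here) it should still be escaped at output, for example with `htmlspecialchars($directory, ENT_QUOTES)`. The `if`/`else` that consumes `$directory` continues past the end of the hunk.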