#12121 Clear html tag characters to prevent XSS attacks

2023-09-26 09:57:39 +02:00 · 2023-09-26 09:57:39 +02:00 · d6faec76d7
parent fbeb616eb8
commit d6faec76d7
1 changed files with 2 additions and 0 deletions
--- a/pandora_console/godmode/setup/file_manager.php
+++ b/pandora_console/godmode/setup/file_manager.php
@ -71,6 +71,8 @@ if (isset($config['filemanager']['message']) === true) {
 $fallback_directory = 'images';
 // Get directory.
 $directory = (string) get_parameter('directory');
+$directory = str_replace('&lt;', '', $text);
+$directory = str_replace('&gt;', '', $text);
 if (empty($directory) === true) {
    $directory = $fallback_directory;
 } else {