tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-28 16:24:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

#12121 Clear html tag characters to prevent XSS attacks

Browse Source
This commit is contained in:
miguel angel rasteu 2023-09-26 09:57:39 +02:00
parent fbeb616eb8
commit d6faec76d7
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pandora_console/godmode/setup/file_manager.php
View File

@ -71,6 +71,8 @@ if (isset($config['filemanager']['message']) === true) {
$fallback_directory = 'images';
// Get directory.
$directory = (string) get_parameter('directory');
$directory = str_replace('<', '', $text);
$directory = str_replace('>', '', $text);
if (empty($directory) === true) {
$directory = $fallback_directory;
} else {