Fixed issue #13428: Reflected XSS in file uploader

LimeSurvey · Feb 28, 2018 · 1738c23 · 1738c23
1 parent e2237c0
commit 1738c23
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/application/controllers/UploaderController.php b/application/controllers/UploaderController.php
@@ -37,7 +37,7 @@ function run($actionID)
         $sFileName = Yii::app()->request->getParam('filename', ''); // The file to delete fu_ or fu_tmp
         $sOriginalFileName = Yii::app()->request->getParam('name', ''); // Used for javascript return only
         $sMode = Yii::app()->request->getParam('mode');
-        $sPreview = Yii::app()->request->getParam('preview', 0);
+        $sPreview = htmlspecialchars(Yii::app()->request->getParam('preview', 0));
 
         // Validate and filter and throw error if problems
         // Using 'futmp_'.randomChars(15).'_'.$pathinfo['extension'] for filename, then remove all other characters