5662 whitelist post[url] with htmlspecialchars_decode

atutor · Mar 25, 2016 · b011cc6 · b011cc6
1 parent e16e6cf
commit b011cc6
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/mods/_core/imscp/ims_import.php b/mods/_core/imscp/ims_import.php
@@ -669,7 +669,7 @@ function glossaryCharacterData($parser, $data){
 }
 
 if (isset($_POST['url']) && ($_POST['url'] != 'http://') ) {
-	if ($content = @file_get_contents($_POST['url'])) {
+	if ($content = @file_get_contents(htmlspecialchars_decode($_POST['url']))) {
 		// save file to /content/
 		$filename = substr(time(), -6). '.zip';
 		$full_filename = AT_CONTENT_DIR . $filename;