(cp 917cab5) fixes GHSA-7379-w44f-mfw4 and fixes GHSA-8g2g-6f2c-6h7j …

…protect tag name from XSS
Piwigo · Mar 1, 2024 · 5069610 · 5069610
1 parent 7fc04d7
commit 5069610
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/admin/include/functions.php b/admin/include/functions.php
@@ -2365,6 +2365,9 @@ function get_extents($start='')
  */
 function create_tag($tag_name)
 {
+  // clean the tag, no html/js allowed in tag name
+  $tag_name = strip_tags($tag_name);
+
   // does the tag already exists?
   $query = '
 SELECT id