Fix stored XSS vulnerability reported by ptsecurity.com

fudforum · Jan 14, 2022 · 8ff4468 · 8ff4468
1 parent b15b855
commit 8ff4468
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/install/forum_data/src/attach.inc.t b/install/forum_data/src/attach.inc.t
@@ -1,6 +1,6 @@
 <?php
 /**
-* copyright            : (C) 2001-2013 Advanced Internet Designs Inc.
+* copyright            : (C) 2001-2022 Advanced Internet Designs Inc.
 * email                : forum@prohost.org
 * $Id$
 *
@@ -26,8 +26,8 @@ function safe_attachment_copy($source, $id, $ext)
 
 function attach_add($at, $owner, $attach_opt=0, $ext=0)
 {
-	$id = db_qid('INSERT INTO {SQL_TABLE_PREFIX}attach (location, message_id, original_name, owner, attach_opt, mime_type,fsize) '.
-		q_limit('SELECT null AS location, 0 AS message_id, '. _esc($at['name']) .' AS original_name, '. $owner .' AS owner, '. $attach_opt .' AS attach_opt, id AS mime_type, '. $at['size'] .' AS fsize 
+	$id = db_qid('INSERT INTO {SQL_TABLE_PREFIX}attach (location, message_id, original_name, owner, attach_opt, mime_type, fsize) '.
+		q_limit('SELECT null AS location, 0 AS message_id, '. _esc(htmlspecialchars($at['name'])) .' AS original_name, '. $owner .' AS owner, '. $attach_opt .' AS attach_opt, id AS mime_type, '. $at['size'] .' AS fsize 
 			FROM {SQL_TABLE_PREFIX}mime WHERE fl_ext IN(\'*\', '. _esc(strtolower(substr(strrchr($at['name'], '.'), 1))) .')
 			ORDER BY fl_ext DESC'
 		, 1)