From 968d5d5f486820bfa30af046f063b9f23304e14a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?=
Date: Wed, 5 Feb 2014 09:25:31 +0100
Subject: [PATCH] Sanitize filename in import message
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Michal Čihař
---
 import.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/import.php b/import.php
index 61ad4acfcafa..85a78142add5 100644
--- a/import.php
+++ b/import.php
@@ -568,9 +568,9 @@
 $message->addString($import_notice);
 }
 if (isset($local_import_file)) {
- $message->addString('(' . $local_import_file . ')');
+ $message->addString('(' . htmlspecialchars($local_import_file) . ')');
 } else {
- $message->addString('(' . $_FILES['import_file']['name'] . ')');
+ $message->addString('(' . htmlspecialchars($_FILES['import_file']['name']) . ')');
 }
 }
 }
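Review bot: Both added `htmlspecialchars()` calls rely on PHP's default flags and charset, which vary with the PHP version and configuration, so a file name with bytes that are invalid in the assumed charset can come back as an empty string and the message would show `()`. Passing the arguments explicitly, e.g. `htmlspecialchars($_FILES['import_file']['name'], ENT_QUOTES, 'UTF-8')` and likewise for `$local_import_file`, pins the behaviour. A short comment such as `// file name is client-supplied; escape before it reaches the HTML message` would record why the escaping sits at this call site. The `$import_notice` string in the context line above is still added unescaped; whether that is safe depends on where it is built, which is outside this hunk, as are the start and end of the enclosing block.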