
Commit 5479b4a

nikkoenggalianothorsten
authored and committed
Fixing unsafe render filename on attachments.php
Patching the unsafe filename rendering that was causing the stored XSS on the attachments pages
1 parent 9ba57de commit 5479b4a


1 file changed

+4
-3
lines changed


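--- a/phpmyfaq/admin/attachments.php
+++ b/phpmyfaq/admin/attachments.php
@@ -21,6 +21,7 @@
 use phpMyFAQ\Session\Token;
 use phpMyFAQ\Translation;
 use phpMyFAQ\Utils;
+use phpMyFAQ\Strings;
 use Symfony\Component\HttpFoundation\Request;
 
 if (!defined('IS_VALID_PHPMYFAQ')) {
@@ -70,10 +71,10 @@
 <?php foreach ($crumbs as $item) : ?>
 <tr id="attachment_<?= $item->id ?>" title="<?= $item->thema ?>">
 <td><?= $item->id ?></td>
-<td><?= $item->filename ?></td>
-<td><?= $item->record_lang ?></td>
+<td><?= Strings::htmlentities($item->filename); ?></td>
+<td><?= Strings::htmlentities($item->record_lang); ?></td>
 <td><?= Utils::formatBytes($item->filesize) ?></td>
-<td><?= $item->mime_type ?></td>
+<td><?= Strings::htmlentities($item->mime_type); ?></td>
 <td>
 <button class="btn btn-danger btn-delete-attachment" title="<?= Translation::get('ad_gen_delete') ?>"
 data-attachment-id="<?= $item->id ?>"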
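Review bot: The `title="<?= $item->thema ?>"` attribute on the `<tr>` at the top of the second hunk is still emitted unescaped, even though it comes from the same `$crumbs` rows whose `filename`, `record_lang` and `mime_type` this commit now passes through `Strings::htmlentities()`; an attribute context needs the same treatment, so that line should become `<tr id="attachment_<?= $item->id ?>" title="<?= Strings::htmlentities($item->thema) ?>">`. The `id` and `data-attachment-id` interpolations of `$item->id` are also raw; if `id` is not guaranteed to be an integer by the time it reaches this template they should be escaped or cast as well. Since `Strings::htmlentities()` is now used inside attribute values, it is worth confirming it escapes quotes (the `ENT_QUOTES` behaviour of `htmlentities()`) rather than only `<`, `>` and `&`; the page does not show its implementation. As a point of style, the new cells use `<?= ...; ?>` while the surrounding cells use `<?= ... ?>` without the semicolon; one form should be used consistently. The enclosing `foreach` block continues past the end of the hunk.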
