This repository was archived by the owner on Jan 19, 2025. It is now read-only.

Commit e87f77c

committed
sec(Documents) sanitize and limit folder name and description
1 parent 5e87fbc commit e87f77c


1 file changed

+2
-2
lines changed


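--- a/modules/Documents/SaveFolder.php
+++ b/modules/Documents/SaveFolder.php
@@ -15,8 +15,8 @@
 
 $local_log = LoggerManager::getLogger('index');
 $folderid = isset($_REQUEST['record']) ? vtlib_purify($_REQUEST['record']) : '';
-$foldername = utf8RawUrlDecode($_REQUEST['foldername']);
-$folderdesc = utf8RawUrlDecode($_REQUEST['folderdesc']);
+$foldername = substr(vtlib_purify(trim(utf8RawUrlDecode($_REQUEST['foldername']))), 0, 20);
+$folderdesc = substr(vtlib_purify(trim(utf8RawUrlDecode($_REQUEST['folderdesc']))), 0, 50);
 
 if (isset($_REQUEST['savemode']) && $_REQUEST['savemode'] == 'Save') {
 if ($folderid == '') {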
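Review bot: The new `substr(..., 0, 20)` and `substr(..., 0, 50)` calls cut by bytes, but the value has just been through `utf8RawUrlDecode`, so a multi-byte folder name can be split mid-character and stored as invalid UTF-8; `mb_substr(vtlib_purify(trim(utf8RawUrlDecode($_REQUEST['foldername']))), 0, 20, 'UTF-8')` (and the same with 50 for `folderdesc`) keeps whole characters. Because the cut happens after `vtlib_purify`, it may also land inside an entity or tag if that function emits any, which is worth confirming against its implementation. Both lines still read `$_REQUEST[...]` without the `isset` guard used for `record` on the line above, and the limits 20 and 50 deserve a short comment such as `// limits presumably mirror the folder table column widths — confirm`. The rest of the save logic is outside the hunk, so whether these values reach the query through bound parameters cannot be checked here.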
