aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSem <sembrestels@riseup.net>2012-09-18 20:35:43 +0200
committerSem <sembrestels@riseup.net>2012-09-18 20:35:43 +0200
commit2568ba3296d99c328df0c2b25df1e16c6a3b143f (patch)
tree5da91b67f0c6c6bd3858ed7768ecade6eb7ac456
parentece60b30a4f2fca5708df3fc9e8a9384ab717819 (diff)
downloadelgg-2568ba3296d99c328df0c2b25df1e16c6a3b143f.tar.gz
elgg-2568ba3296d99c328df0c2b25df1e16c6a3b143f.tar.bz2
Avoiding XSS via filename.
-rw-r--r--actions/photos/image/upload.php7
1 files changed, 4 insertions, 3 deletions
diff --git a/actions/photos/image/upload.php b/actions/photos/image/upload.php
index 2dd0959bf..268712666 100644
--- a/actions/photos/image/upload.php
+++ b/actions/photos/image/upload.php
@@ -49,11 +49,12 @@ foreach ($_FILES['images']['name'] as $index => $value) {
if (empty($data['name'])) {
continue;
}
+ $name = htmlspecialchars($data['name'], ENT_QUOTES, 'UTF-8', false);
- $mime = tp_upload_get_mimetype($data['name']);
+ $mime = tp_upload_get_mimetype($name);
$image = new TidypicsImage();
- $image->title = $data['name'];
+ $image->title = $name;
$image->container_guid = $album->getGUID();
$image->setMimeType($mime);
$image->access_id = $album->access_id;
@@ -61,7 +62,7 @@ foreach ($_FILES['images']['name'] as $index => $value) {
try {
$result = $image->save($data);
} catch (Exception $e) {
- array_push($not_uploaded, $data['name']);
+ array_push($not_uploaded, $name);
array_push($error_msgs, $e->getMessage());
}