From 2568ba3296d99c328df0c2b25df1e16c6a3b143f Mon Sep 17 00:00:00 2001
From: Sem <sembrestels@riseup.net>
Date: Tue, 18 Sep 2012 20:35:43 +0200
Subject: Avoiding XSS via filename.

---
 actions/photos/image/upload.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'actions/photos')

diff --git a/actions/photos/image/upload.php b/actions/photos/image/upload.php
index 2dd0959bf..268712666 100644
--- a/actions/photos/image/upload.php
+++ b/actions/photos/image/upload.php
@@ -49,11 +49,12 @@ foreach ($_FILES['images']['name'] as $index => $value) {
 	if (empty($data['name'])) {
 		continue;
 	}
+	$name = htmlspecialchars($data['name'], ENT_QUOTES, 'UTF-8', false);
 
-	$mime = tp_upload_get_mimetype($data['name']);
+	$mime = tp_upload_get_mimetype($name);
 
 	$image = new TidypicsImage();
-	$image->title = $data['name'];
+	$image->title = $name;
 	$image->container_guid = $album->getGUID();
 	$image->setMimeType($mime);
 	$image->access_id = $album->access_id;
@@ -61,7 +62,7 @@ foreach ($_FILES['images']['name'] as $index => $value) {
 	try {
 		$result = $image->save($data);
 	} catch (Exception $e) {
-		array_push($not_uploaded, $data['name']);
+		array_push($not_uploaded, $name);
 		array_push($error_msgs, $e->getMessage());
 	}
 
-- 
cgit v1.2.3