dokuwiki/dokuwiki
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix HTML injection in mediaFileList (Secunia advisory SA49196)

Browse source
This commit is contained in:
Adrian Lang 2012-07-13 12:07:51 +02:00
parent c28bd545c4
commit c98f205e8a
2 changed files with 2 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
inc/template.php
View file

@ -1170,7 +1170,7 @@ function tpl_mediaFileList(){
echo '<div class="panelHeader">'.NL;
echo '<h3>';
$tabTitle = ($NS) ? $NS : '['.$lang['mediaroot'].']';
printf($lang['media_' . $opened_tab], '<strong>'.$tabTitle.'</strong>');
printf($lang['media_' . $opened_tab], '<strong>'.hsc($tabTitle).'</strong>');
echo '</h3>'.NL;
if ($opened_tab === 'search' || $opened_tab === 'files') {
media_tab_files_options();

3
lib/exe/ajax.php
View file

@ -13,7 +13,6 @@ session_write_close();
header('Content-Type: text/html; charset=utf-8');
//call the requested function
if(isset($_POST['call'])){
$call = $_POST['call'];
@ -204,7 +203,7 @@ function ajax_medialist(){
global $conf;
global $NS;
$NS = $_POST['ns'];
$NS = cleanID($_POST['ns']);
if ($_POST['do'] == 'media') {
tpl_mediaFileList();
} else {