From d3f329496536dc99f9707f2f295d571d65a496f5 Mon Sep 17 00:00:00 2001
From: azett
Date: Sun, 25 Dec 2022 14:32:08 +0100
Subject: [PATCH] fixes #177, possible XSS in Media Manager plugin
---
 fp-plugins/mediamanager/panels/panel.mediamanager.file.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fp-plugins/mediamanager/panels/panel.mediamanager.file.php b/fp-plugins/mediamanager/panels/panel.mediamanager.file.php
index 03e7ba0..331a32b 100644
--- a/fp-plugins/mediamanager/panels/panel.mediamanager.file.php
+++ b/fp-plugins/mediamanager/panels/panel.mediamanager.file.php
@@ -233,7 +233,7 @@ class admin_uploader_mediamanager extends AdminPanelAction {
 function onsubmit($data = NULL) {
 if (isset($_POST ['mm-newgallery'])) {
- $newgallery = $_POST ['mm-newgallery-name'];
+ $newgallery = strip_tags($_POST ['mm-newgallery-name']);
 if ($newgallery == "") {
 $this->smarty->assign('success', -3);
 return 2;
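Review bot: `strip_tags()` on the added line is input filtering rather than output encoding: it removes tags but leaves quotes and `&` intact, and it passes `/`, `\` and `..` through unchanged, so on its own it does not make the gallery name safe inside an HTML attribute or as a path component. How `$newgallery` is used after the empty check is outside the hunk (onsubmit continues past it), so this is inferred from the name; if the value becomes a directory and is later rendered, I would validate it against an allow-list at this point, e.g. `if ($newgallery === '' || !preg_match('/^[\w \-]+$/u', $newgallery)) {`, and escape it where it is printed with `htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` or Smarty's `escape` modifier. Only `mm-newgallery` is covered by the `isset()` check, so reading the name as `$_POST ['mm-newgallery-name'] ?? ''` would keep a missing field from reaching `strip_tags()` as null.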