fixes #177, possible XSS in Media Manager plugin

2022-12-25 14:32:08 +01:00 · 2022-12-25 14:32:08 +01:00 · d3f3294965
commit d3f3294965
parent e53acdeef3
1 changed files with 1 additions and 1 deletions
--- a/fp-plugins/mediamanager/panels/panel.mediamanager.file.php
+++ b/fp-plugins/mediamanager/panels/panel.mediamanager.file.php
@ -233,7 +233,7 @@ class admin_uploader_mediamanager extends AdminPanelAction {

 	function onsubmit($data = NULL) {
 		if (isset($_POST ['mm-newgallery'])) {
-			$newgallery = $_POST ['mm-newgallery-name'];
+			$newgallery = strip_tags($_POST ['mm-newgallery-name']);
 			if ($newgallery == "") {
 				$this->smarty->assign('success', -3);
 				return 2;