mirrors/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2025-04-27 19:59:56 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

fixes #600, avoid html in web uploaded filenames

Browse source
This commit is contained in:
plegall 2017-01-27 11:13:00 +01:00
parent 746c796d9d
commit 6ec3f2d0fa
2 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
action.php
View file

@ -216,7 +216,7 @@ $http_headers[] = 'Content-Type: '.$ctype;
if (isset($_GET['download'])) if (isset($_GET['download']))
{ {
$http_headers[] = 'Content-Disposition: attachment; filename="'.$element_info['file'].'";'; $http_headers[] = 'Content-Disposition: attachment; filename="'.htmlspecialchars_decode($element_info['file']).'";';
$http_headers[] = 'Content-Transfer-Encoding: binary'; $http_headers[] = 'Content-Transfer-Encoding: binary';
} }
else else

5
admin/include/functions_upload.inc.php
View file

@ -161,6 +161,11 @@ function add_uploaded_file($source_filepath, $original_filename=null, $categorie
global $conf, $user; global $conf, $user;
if (!is_null($original_filename))
{
$original_filename = htmlspecialchars($original_filename);
}
if (isset($original_md5sum)) if (isset($original_md5sum))
{ {
$md5sum = $original_md5sum; $md5sum = $original_md5sum;