From 19187b6205b826e48f1bd2e61a5c24df879b9c6a Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 27 Mar 2011 22:35:42 +1100 Subject: [PATCH] Fixed dangerous XSS vulnerability --- post.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/post.php b/post.php index 4dd8cc6e..18c97435 100644 --- a/post.php +++ b/post.php @@ -211,7 +211,7 @@ $post['mod'] = isset($_POST['mod']) && $_POST['mod']; if($post['has_file']) - $post['filename'] = get_magic_quotes_gpc() ? stripslashes($_FILES['file']['name']) : $_FILES['file']['name']; + $post['filename'] = utf8tohtml(get_magic_quotes_gpc() ? stripslashes($_FILES['file']['name']) : $_FILES['file']['name']); if($config['force_body'] && empty($post['body'])) error($config['error']['tooshort_body']);