Sanitize data

htdocs/ecm/file_note.php

@@ -73,7 +73,7 @@ if (!$section) {
 	dol_print_error('', 'Error, section parameter missing');
 	exit;
 }
-$urlfile = GETPOST("urlfile");
+$urlfile = (string) dol_sanitizePathName(GETPOST("urlfile"));
 if (!$urlfile) {
 	dol_print_error('', "ErrorParamNotDefined");
 	exit;