From 6b03a2d26440c424b943fd9bd1de49c0a38d9ec8 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sun, 27 Dec 2020 20:49:40 +0100
Subject: [PATCH] Sanitize data
---
 htdocs/ecm/file_note.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/ecm/file_note.php b/htdocs/ecm/file_note.php
index dba96710f60..d2f3f7b4792 100644
--- a/htdocs/ecm/file_note.php
+++ b/htdocs/ecm/file_note.php
@@ -73,7 +73,7 @@ if (!$section) {
 dol_print_error('', 'Error, section parameter missing');
 exit;
 }
-$urlfile = GETPOST("urlfile");
+$urlfile = (string) dol_sanitizePathName(GETPOST("urlfile"));
 if (!$urlfile) {
 dol_print_error('', "ErrorParamNotDefined");
 exit;
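Review bot: The new `$urlfile` assignment cleans the request value as a path name, which on its own does not show that the file later resolves inside the ECM section's directory. The code that uses `$urlfile` is outside this hunk, so that containment should be confirmed where the path is built. If `urlfile` is only ever a bare file name within the section (the separate `section` parameter suggests so, but this is an inference), the stricter file-name helper would be the better fit: `$urlfile = (string) dol_sanitizeFileName(GETPOST("urlfile"));`. Either way, a one-line comment above the assignment would record the intent, e.g. `// urlfile comes from the request; sanitize it before it is used to build a file path`.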