From d1d4914684dfc4fbd1c2677ceaca17d1ba2aed97 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sun, 27 Dec 2020 20:49:54 +0100
Subject: [PATCH] Sanitize data
---
 htdocs/ecm/file_card.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/ecm/file_card.php b/htdocs/ecm/file_card.php
index 496afbf8568..abd6209ac7a 100644
--- a/htdocs/ecm/file_card.php
+++ b/htdocs/ecm/file_card.php
@@ -65,7 +65,7 @@ if (!$section)
 dol_print_error('', 'Error, section parameter missing');
 exit;
 }
-$urlfile = GETPOST("urlfile");
+$urlfile = (string) dol_sanitizePathName(GETPOST("urlfile"));
 if (!$urlfile)
 {
 dol_print_error('', "ErrorParamNotDefined");
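Review bot: The new assignment to `$urlfile` uses the path-name sanitizer, and nothing in the hunk shows whether that helper strips `..` segments or directory separators, so a request-supplied value may still resolve outside the ECM section directory once it is joined to a base path. If `urlfile` is meant to be a bare file name, `$urlfile = (string) dol_sanitizeFileName(GETPOST("urlfile", 'alpha'));` would be the tighter choice; if sub-paths are legitimate, the resolved path should be checked to stay under the section root before any file operation. The code that consumes `$urlfile` lies outside the hunk, so this needs confirming there. A short comment such as `// urlfile is request-controlled: sanitized here, containment verified before use` would record the intent for later maintainers.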