lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #14759 from aspangaro/10.0p45

Browse Source 
FIX Yogosha report 4433 (backport)
This commit is contained in:
Laurent Destailleur 2020-09-23 19:54:56 +02:00 committed by GitHub
commit f477613326
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/document.php
View File

@ -222,7 +222,7 @@ if (! $accessallowed)
if (preg_match('/\.\./', $fullpath_original_file) || preg_match('/[<>|]/', $fullpath_original_file))
{
dol_syslog("Refused to deliver file ".$fullpath_original_file);
print "ErrorFileNameInvalid: ".$original_file;
print "ErrorFileNameInvalid: ".dol_escape_htmltag($original_file);
exit;
}

2
htdocs/viewimage.php
View File

@ -232,7 +232,7 @@ if (! $accessallowed)
if (preg_match('/\.\./', $fullpath_original_file) || preg_match('/[<>|]/', $fullpath_original_file))
{
dol_syslog("Refused to deliver file ".$fullpath_original_file);
print "ErrorFileNameInvalid: ".$original_file;
print "ErrorFileNameInvalid: ".dol_escape_htmltag($original_file);
exit;
}