Fixed dangerous XSS vulnerability

This commit is contained in:
Savetheinternet 2011-03-27 22:35:42 +11:00
parent 7c2938b542
commit 19187b6205

View File

@ -211,7 +211,7 @@
$post['mod'] = isset($_POST['mod']) && $_POST['mod'];
if($post['has_file'])
$post['filename'] = get_magic_quotes_gpc() ? stripslashes($_FILES['file']['name']) : $_FILES['file']['name'];
$post['filename'] = utf8tohtml(get_magic_quotes_gpc() ? stripslashes($_FILES['file']['name']) : $_FILES['file']['name']);
if($config['force_body'] && empty($post['body']))
error($config['error']['tooshort_body']);