diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2014-04-11 21:08:15 +0200 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2014-04-11 21:10:28 +0200 |
| commit | 106be54de3e8295e74cf3ab27c6062993b2786e8 (patch) | |
| tree | e3abd5267c76337ca276f5dd9b5ad8ae1131bfac /phpBB/includes/functions_upload.php | |
| parent | 13a34ce59f2e39b3f74082737058251557fb600c (diff) | |
| download | forums-106be54de3e8295e74cf3ab27c6062993b2786e8.tar forums-106be54de3e8295e74cf3ab27c6062993b2786e8.tar.gz forums-106be54de3e8295e74cf3ab27c6062993b2786e8.tar.bz2 forums-106be54de3e8295e74cf3ab27c6062993b2786e8.tar.xz forums-106be54de3e8295e74cf3ab27c6062993b2786e8.zip | |
[ticket/12211] Do not run attachment file names twice through htmlspecialchars
Upload filenames are already processed via htmlspecialchars in the
type_cast_helper of the new request class. There is no need to run it through
htmlspecialchars() again in the filespec class.
PHPBB3-12211
Diffstat (limited to 'phpBB/includes/functions_upload.php')
| -rw-r--r-- | phpBB/includes/functions_upload.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 04d483e14c..9d61e39c98 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -64,7 +64,7 @@ class filespec $this->filename = $upload_ary['tmp_name']; $this->filesize = $upload_ary['size']; $name = (STRIP) ? stripslashes($upload_ary['name']) : $upload_ary['name']; - $name = trim(utf8_htmlspecialchars(utf8_basename($name))); + $name = trim(utf8_basename($name)); $this->realname = $this->uploadname = $name; $this->mimetype = $upload_ary['type']; |