  1. phpBB3
  2. PHPBB3-12211

Attachment file names are run through htmlspecialchars twice

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.0-a3
    • Fix Version/s: 3.1.0-b3
    • Component/s: None
    • Labels:
      None

      Description

      In 3.0, the filespec class was provided with a raw $_FILES array, which meant that it had to run the file name through htmlspecialchars() itself. In 3.1, it's provided with the result from request.file() which has the file name already sanitized, but the filespec class still has the same behaviour as 3.0. So, the file name is run through htmlspecialchars() twice resulting in a name such as ajax_&<b>error.png ultimately becoming

      ajax_&amp;amp;&amp;lt;b&amp;gt;error.png
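
The double escaping described above, reproduced as an added PHP example; it is not phpBB's code, and `sanitized_file_entry`, `FilespecEscaping` and `FilespecTrusting` are hypothetical stand-ins for request.file() and the filespec class. It assumes the request layer escapes with htmlspecialchars() and shows one way to drop the second pass, with a decode-once round trip as the regression check.

```php
<?php
// Added illustration. All function and class names here are hypothetical.

// Stand-in for the 3.1 request layer: hands back the upload entry with the
// file name already escaped (assumption: it uses htmlspecialchars()).
function sanitized_file_entry(array $raw): array
{
    $raw['name'] = htmlspecialchars($raw['name'], ENT_COMPAT, 'UTF-8');
    return $raw;
}

// 3.0-style consumer: written for a raw $_FILES entry, so it escapes the name itself.
final class FilespecEscaping
{
    public string $name;
    public function __construct(array $upload)
    {
        $this->name = htmlspecialchars($upload['name'], ENT_COMPAT, 'UTF-8');
    }
}

// Corrected consumer: its input contract is "name arrives escaped", so it stores it as is.
final class FilespecTrusting
{
    public string $name;
    public function __construct(array $upload)
    {
        $this->name = $upload['name'];
    }
}

function check(bool $ok, string $what): void
{
    if (!$ok) { throw new RuntimeException("check failed: $what"); }
}

// Constructed sample input, using the file name from the report.
$raw = ['name' => 'ajax_&<b>error.png'];

$v30 = new FilespecEscaping($raw);                        // raw in, escaped once
$bug = new FilespecEscaping(sanitized_file_entry($raw));  // escaped in, escaped again
$fix = new FilespecTrusting(sanitized_file_entry($raw));  // escaped in, stored unchanged

check($v30->name === 'ajax_&amp;&lt;b&gt;error.png', 'single escape');
check($bug->name === 'ajax_&amp;amp;&amp;lt;b&amp;gt;error.png', 'double escape reproduced');
check($fix->name === $v30->name, 'fixed path matches the 3.0 result');

// Regression check: decoding exactly once must give back the uploaded name.
check(htmlspecialchars_decode($fix->name, ENT_COMPAT) === $raw['name'], 'round trip');
check(htmlspecialchars_decode($bug->name, ENT_COMPAT) !== $raw['name'], 'bug breaks round trip');

echo $bug->name, PHP_EOL, $fix->name, PHP_EOL;
```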

            People

            • Assignee:
              nickvergessen Joas Schilling
              Reporter:
              prototech prototech