Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-12211

Attachment file names are run through htmlspecialchars twice

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.0-a3
    • Fix Version/s: 3.1.0-b3
    • Component/s: None
    • Labels:
      None

      Description

      In 3.0, the filespec class was provided with a raw $_FILES array, which meant that it had to run the file name through htmlspecialchars() itself. In 3.1, it's provided with the result from request.file() which has the file name already sanitized, but the filespec class still has the same behaviour as 3.0. So, the file name is run through htmlspecialchars() twice resulting in a name such as ajax_&<b>error.png ultimately becoming

      ajax_&amp;amp;&amp;lt;b&amp;gt;error.png

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            nickvergessen Joas Schilling
            Reporter:
            prototech prototech
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development