[PHPBB3-12211] Attachment file names are run through htmlspecialchars twice

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 3.1.0-a3
Fix Version/s: 3.1.0-b3
Component/s: None
Labels:
None

GitHub Pull Request URL:
https://github.com/phpbb/phpbb/pull/2293

Description

In 3.0, the filespec class was provided with a raw $_FILES array, which meant that it had to run the file name through htmlspecialchars() itself. In 3.1, it's provided with the result from request.file() which has the file name already sanitized, but the filespec class still has the same behaviour as 3.0. So, the file name is run through htmlspecialchars() twice resulting in a name such as ajax_&<b>error.png ultimately becoming

ajax_&amp;amp;&amp;lt;b&amp;gt;error.png

Attachments

Activity

People

Assignee:: Joas Schilling

Reporter:: prototech [X] (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 18/Feb/14 7:19 AM

Updated:: 22/Jan/17 4:01 PM

Resolved:: 12/Apr/14 8:17 AM