Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-12212

HTML in attachment file name rendered before upload

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.0-a3
    • Fix Version/s: 3.1.0-b1
    • Component/s: JavaScript / AJAX
    • Labels:
      None

      Description

      The uploader inserts the file name directly into the page at the moment without handling any HTML special chars that may be in the name. This results in HTML that may be present getting rendered in error messages and the attachments list. This simply causes layout breakage for the user, since the backend takes care of sanitizing the name. Once phpBB returns the file data for the uploaded file, the name in the attachment list gets replaced by the one that phpBB provides.

        Attachments

          Activity

            People

            • Assignee:
              prototech prototech
              Reporter:
              prototech prototech
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: