Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-12212

HTML in attachment file name rendered before upload

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.0-a3
    • Fix Version/s: 3.1.0-b1
    • Component/s: JavaScript / AJAX
    • Labels:
      None

      Description

      The uploader inserts the file name directly into the page at the moment without handling any HTML special chars that may be in the name. This results in HTML that may be present getting rendered in error messages and the attachments list. This simply causes layout breakage for the user, since the backend takes care of sanitizing the name. Once phpBB returns the file data for the uploaded file, the name in the attachment list gets replaced by the one that phpBB provides.

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            prototech prototech
            Reporter:
            prototech prototech
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development