Merge pull request #1 from purecarnage/fix-xss-in-filename
Fixed 3 sinks which caused XSS in filename
This commit is contained in:
commit
221c92c880
|
@ -1994,11 +1994,11 @@ $tableTheme = (FM_THEME == "dark") ? "text-white bg-dark table-dark" : "bg-white
|
|||
<?php
|
||||
if (in_array(strtolower(pathinfo($f, PATHINFO_EXTENSION)), array('gif', 'jpg', 'jpeg', 'png', 'bmp', 'ico', 'svg'))): ?>
|
||||
<?php $imagePreview = fm_enc(FM_ROOT_URL . (FM_PATH != '' ? '/' . FM_PATH : '') . '/' . $f); ?>
|
||||
<a href="<?php echo $filelink ?>" data-preview-image="<?php echo $imagePreview ?>" title="<?php echo $f ?>">
|
||||
<a href="<?php echo $filelink ?>" data-preview-image="<?php echo $imagePreview ?>" title="<?php echo fm_enc($f) ?>">
|
||||
<?php else: ?>
|
||||
<a href="<?php echo $filelink ?>" title="<?php echo $f ?>">
|
||||
<?php endif; ?>
|
||||
<i class="<?php echo $img ?>"></i> <?php echo fm_convert_win($f) ?>
|
||||
<i class="<?php echo $img ?>"></i> <?php echo fm_convert_win(fm_enc($f)) ?>
|
||||
</a>
|
||||
<?php echo($is_link ? ' → <i>' . readlink($path . '/' . $f) . '</i>' : '') ?>
|
||||
</div>
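Review bot: The `else` branch of the extension check still renders `title="<?php echo $f ?>"` for non-image entries, while the commit escapes that same attribute only in the image branch above it, so a filename containing a double quote or angle bracket still breaks out of the attribute there. That line should become `<a href="<?php echo $filelink ?>" title="<?php echo fm_enc($f) ?>">`, matching the image-branch fix. The `readlink($path . '/' . $f)` result echoed into `<i>` a few lines later is likewise unescaped; the symlink target is filesystem-controlled text and should also pass through `fm_enc()`, assuming fm_enc is the file's htmlspecialchars wrapper (it is defined outside this hunk). The surrounding PHP template block starts and ends outside the hunk.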
|
||||
|
@ -2013,7 +2013,7 @@ $tableTheme = (FM_THEME == "dark") ? "text-white bg-dark table-dark" : "bg-white
|
|||
<td><?php echo fm_enc($owner['name'] . ':' . $group['name']) ?></td>
|
||||
<?php endif; ?>
|
||||
<td class="inline-actions">
|
||||
<a title="<?php echo lng('Preview') ?>" href="<?php echo $filelink.'&quickView=1'; ?>" data-toggle="lightbox" data-gallery="tiny-gallery" data-title="<?php echo fm_convert_win($f) ?>" data-max-width="100%" data-width="100%"><i class="fa fa-eye"></i></a>
|
||||
<a title="<?php echo lng('Preview') ?>" href="<?php echo $filelink.'&quickView=1'; ?>" data-toggle="lightbox" data-gallery="tiny-gallery" data-title="<?php echo fm_convert_win(fm_enc($f)) ?>" data-max-width="100%" data-width="100%"><i class="fa fa-eye"></i></a>
|
||||
<?php if (!FM_READONLY): ?>
|
||||
<a title="<?php echo lng('Delete') ?>" href="?p=<?php echo urlencode(FM_PATH) ?>&del=<?php echo urlencode($f) ?>" onclick="return confirm('<?php echo lng('Delete').' '.lng('File').'?'; ?>\n \n ( <?php echo urlencode($f) ?> )');"> <i class="fa fa-trash-o"></i></a>
|
||||
<a title="<?php echo lng('Rename') ?>" href="#" onclick="rename('<?php echo fm_enc(FM_PATH) ?>', '<?php echo fm_enc(addslashes($f)) ?>');return false;"><i class="fa fa-pencil-square-o"></i></a>
|
||||
|
|