From cf1eaf8ef1c2d89b0ebee76a0a436daa7a7bf66f Mon Sep 17 00:00:00 2001
From: Prasath Mani <pmani@sapient.com>
Date: Wed, 13 Dec 2017 13:26:56 +0530
Subject: [PATCH] remove unwanted characters from folder name

---
 tinyfilemanager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tinyfilemanager.php b/tinyfilemanager.php
index 7786f81..30f44f5 100644
--- a/tinyfilemanager.php
+++ b/tinyfilemanager.php
@@ -249,7 +249,7 @@ if (isset($_GET['del']) && !FM_READONLY) {
 
 // Create folder
 if (isset($_GET['new']) && isset($_GET['type']) && !FM_READONLY) {
-    $new = $_GET['new'];
+    $new = strip_tags($_GET['new']);
     $type = $_GET['type'];
     $new = fm_clean_path($new);
     $new = str_replace('/', '', $new);