IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

SECURITY: Escape HTML in filename.

Browse Source
This commit is contained in:
Guo Xiang Tan
2016-08-11 11:27:12 +08:00
parent 8dab20e5b8
commit 11afb20772
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/cooked_post_processor.rb
View File

@@ -270,9 +270,9 @@ class CookedPostProcessor
informations = "#{original_width}x#{original_height}"
informations << " #{number_to_human_size(upload.filesize)}" if upload
a["title"] = img["title"] || filename
a["title"] = CGI.escapeHTML(img["title"] || filename)
meta.add_child create_span_node("filename", img["title"] || filename)
meta.add_child create_span_node("filename", a["title"])
meta.add_child create_span_node("informations", informations)
meta.add_child create_span_node("expand")
end