Escape message_media_source to prevent xss.

2026-01-26 02:29:15 +00:00 · 2021-06-04 10:28:31 -06:00
parent 123407f3b8
commit 3073001e5c
1 changed files with 2 additions and 2 deletions
--- a/app/messages/message_media.php
+++ b/app/messages/message_media.php
@@ -34,7 +34,7 @@

 //get media uuid
 	$message_media_uuid = $_GET['id'];
-	$message_media_source = $_GET['src'];
+	$message_media_source = escape($_GET['src']);
 	$action = $_GET['action'];

 //get media
@@ -96,4 +96,4 @@

 	}

-?>
+?>