SECURITY: Escape HTML in filename.

This commit is contained in:
Guo Xiang Tan
2016-08-11 11:27:12 +08:00
parent 8dab20e5b8
commit 11afb20772
2 changed files with 10 additions and 2 deletions


@ -270,9 +270,9 @@ class CookedPostProcessor
informations = "#{original_width}x#{original_height}"
informations << " #{number_to_human_size(upload.filesize)}" if upload
a["title"] = img["title"] || filename
a["title"] = CGI.escapeHTML(img["title"] || filename)
meta.add_child create_span_node("filename", img["title"] || filename)
meta.add_child create_span_node("filename", a["title"])
meta.add_child create_span_node("informations", informations)
meta.add_child create_span_node("expand")
end
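Review bot: The new `a["title"] = CGI.escapeHTML(img["title"] || filename)` line escapes the value before it is handed to what looks like a Nokogiri attribute, and the same pre-escaped string is then passed to `create_span_node("filename", a["title"])`; if that helper sets the node text through Nokogiri's content/text API, which already escapes on serialization, a filename such as `a<b.png` would render as `a&amp;lt;b.png`, so confirm whether the helper builds the span from raw HTML (where this escaping is needed) or from text (where it is doubled). A short why-comment would help the next reader, e.g. `# filename and title come from the uploader; escape before they land in the title attribute and the span text`. The enclosing method starts before this hunk, so the origin of `filename` and `img` cannot be checked here.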