dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Escape message_media_source to prevent xss.

This commit is contained in:
FusionPBX 2021-06-04 10:28:31 -06:00 committed by GitHub
parent 123407f3b8
commit 3073001e5c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/messages/message_media.php
View File

@ -34,7 +34,7 @@
//get media uuid
$message_media_uuid = $_GET['id'];
$message_media_source = $_GET['src'];
$message_media_source = escape($_GET['src']);
$action = $_GET['action'];
//get media
@ -96,4 +96,4 @@
}
?>
?>