From 3073001e5cc6e5e663af10c986fba48eb0f64a6f Mon Sep 17 00:00:00 2001 From: FusionPBX Date: Fri, 4 Jun 2021 10:28:31 -0600 Subject: [PATCH] Escape message_media_source to prevent xss. --- app/messages/message_media.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/messages/message_media.php b/app/messages/message_media.php index 2304eb3595..210a46d918 100644 --- a/app/messages/message_media.php +++ b/app/messages/message_media.php @@ -34,7 +34,7 @@ //get media uuid $message_media_uuid = $_GET['id']; - $message_media_source = $_GET['src']; + $message_media_source = escape($_GET['src']); $action = $_GET['action']; //get media @@ -96,4 +96,4 @@ } -?> \ No newline at end of file +?>