Fix HTML injection in mediaFileList (Secunia advisory SA49196)

adrianheine · adrianheine · commit 96673b23e65e · 2012-07-13T12:15:48.000+02:00
diff --git a/inc/template.php b/inc/template.php
@@ -1151,7 +1151,7 @@ function tpl_mediaFileList(){
     echo '<div class="panelHeader">'.NL;
     echo '<h3>';
     $tabTitle = ($NS) ? $NS : '['.$lang['mediaroot'].']';
-    printf($lang['media_' . $opened_tab], '<strong>'.$tabTitle.'</strong>');
+    printf($lang['media_' . $opened_tab], '<strong>'.hsc($tabTitle).'</strong>');
     echo '</h3>'.NL;
     if ($opened_tab === 'search' || $opened_tab === 'files') {
         media_tab_files_options();
diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php
@@ -13,7 +13,6 @@
 
 header('Content-Type: text/html; charset=utf-8');
 
-
 //call the requested function
 if(isset($_POST['call'])){
     $call = $_POST['call'];
@@ -204,7 +203,7 @@ function ajax_medialist(){
     global $conf;
     global $NS;
 
-    $NS = $_POST['ns'];
+    $NS = cleanID($_POST['ns']);
     if ($_POST['do'] == 'media') {
         tpl_mediaFileList();
     } else {
