Security: Remove possible XSS when showing file name selected

AngelFQC · AngelFQC · commit a63e03ef961e · 2024-02-12T11:25:13.000-05:00
diff --git a/main/inc/lib/pear/HTML/QuickForm/file.php b/main/inc/lib/pear/HTML/QuickForm/file.php
@@ -460,7 +460,7 @@ public function getTemplate($layout)
                                 if (this.files[0]) {
                                     fileName = this.files[0].name;
                                 }
-                                the_return.innerHTML = fileName;
+                                the_return.textContent = fileName;
                             });
                         </script>
                     ';

Original file line number	Diff line number	Diff line change
`@@ -460,7 +460,7 @@ public function getTemplate($layout)`
`460`	`460`	`if (this.files[0]) {`
`461`	`461`	`fileName = this.files[0].name;`
`462`	`462`	`}`
`463`		`- the_return.innerHTML = fileName;`
	`463`	`+ the_return.textContent = fileName;`
`464`	`464`	`});`
`465`	`465`	`</script>`
`466`	`466`	`';`