From e9d7c7817f0fbb7c3811b5789e7b2e9c1d3ff4e7 Mon Sep 17 00:00:00 2001
From: Matt Pass
Date: Wed, 31 Aug 2016 14:34:00 +0100
Subject: [PATCH] xssClean uploaded file name

---
 lib/file-control-xhr.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/file-control-xhr.php b/lib/file-control-xhr.php
index ce32a07..c301985 100644
--- a/lib/file-control-xhr.php
+++ b/lib/file-control-xhr.php
@@ -748,7 +748,7 @@ if (!isset($ftpSite) && !$error && $_GET['action']=="upload") {
 function getDetails($fileArr) {
 foreach($fileArr['name'] as $keyee => $info) {
- $uploads[$keyee]->name=$fileArr['name'][$keyee];
+ $uploads[$keyee]->name=xssClean($fileArr['name'][$keyee],"html");
 $uploads[$keyee]->type=$fileArr['type'][$keyee];
 $uploads[$keyee]->tmp_name=$fileArr['tmp_name'][$keyee];
 $uploads[$keyee]->error=$fileArr['error'][$keyee];
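Review bot: The `type` field on the line directly after the patched one is still copied unmodified from the client-supplied upload array, so if it is ever echoed next to the name it keeps the injection risk this commit closes for `name`; consider `$uploads[$keyee]->type=xssClean($fileArr['type'][$keyee],"html");`, or escape both values at the point of output instead. Encoding `name` at ingestion also means any later filesystem use of `->name` (presumably the move into the target directory, which is not visible here) receives the cleaned string, so depending on what xssClean's "html" mode rewrites, a file may be stored under a different name than the one uploaded. A comment above the assignment such as `// name is cleaned for HTML output here; validate separately before using it in a path` would make that contract explicit. getDetails() continues past the end of the hunk, so how `$uploads` is consumed cannot be confirmed from this view.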