Fix ACP Themes persistent XSS

mybb · Nov 4, 2023 · 468900d · 468900d
1 parent 6dcaf0b
commit 468900d
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/admin/modules/style/themes.php b/admin/modules/style/themes.php
@@ -1447,7 +1447,7 @@ function checkAction(id)
 					$sep = " {$lang->and} ";
 				}
 
-				$inherited .= $sep.$file;
+				$inherited .= $sep.htmlspecialchars_uni($file);
 				$sep = $lang->comma;
 
 				++$count;
@@ -1558,7 +1558,7 @@ function checkAction(id)
 			$popup->add_item($lang->delete_revert, "index.php?module=style-themes&amp;action=delete_stylesheet&amp;file=".htmlspecialchars_uni($filename)."&amp;tid={$theme['tid']}&amp;my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_stylesheet_deletion}')");
 		}
 
-		$table->construct_cell("<strong><a href=\"index.php?module=style-themes&amp;action=edit_stylesheet&amp;file=".htmlspecialchars_uni($filename)."&amp;tid={$theme['tid']}\">{$filename}</a></strong>{$inherited}<br />{$attached_to}");
+		$table->construct_cell("<strong><a href=\"index.php?module=style-themes&amp;action=edit_stylesheet&amp;file=".htmlspecialchars_uni($filename)."&amp;tid={$theme['tid']}\">".htmlspecialchars_uni($filename)."</a></strong>{$inherited}<br />{$attached_to}");
 		$table->construct_cell($form->generate_numeric_field("disporder[{$theme_stylesheets[$filename]['sid']}]", $properties['disporder'][$filename], array('style' => 'width: 80%; text-align: center;', 'min' => 0)), array("class" => "align_center"));
 		$table->construct_cell($popup->fetch(), array("class" => "align_center"));
 		$table->construct_row();