diff --git a/inc/functions_upload.php b/inc/functions_upload.php
index bbfcab78ee..ed27b2325d 100644
--- a/inc/functions_upload.php
+++ b/inc/functions_upload.php
@@ -823,7 +823,7 @@ function add_attachments($pid, $forumpermissions, $attachwhere, $action=false)
}
else if(isset($attachedfile['aid']) && $mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
{
- $ret['success'][] = array($attachedfile['aid'], get_attachment_icon(get_extension($filename)), $filename, get_friendly_size($FILE['size']));
+ $ret['success'][] = array($attachedfile['aid'], get_attachment_icon(get_extension($filename)), htmlspecialchars_uni($filename), get_friendly_size($FILE['size']));
}
}
}
diff --git a/install/resources/mybb_theme.xml b/install/resources/mybb_theme.xml
index e981364b81..7b11d78374 100644
--- a/install/resources/mybb_theme.xml
+++ b/install/resources/mybb_theme.xml
@@ -9606,7 +9606,7 @@ if(use_xmlhttprequest == "1")
]]>
-
lang.add_attachment = "{$lang->add_attachment}";
lang.update_attachment = "{$lang->update_attachment}";
@@ -9622,7 +9622,7 @@ if(use_xmlhttprequest == "1")
php_max_file_uploads = {$php_max_file_uploads};
mybb_max_file_uploads = {$mybb->settings['maxattachments']};
-
+
]]>
diff --git a/jscripts/post.js b/jscripts/post.js
index fb003c0e77..1f184623f0 100644
--- a/jscripts/post.js
+++ b/jscripts/post.js
@@ -215,8 +215,15 @@ var Post = {
if (Post.fileInput.prop('files').length) {
var common = Post.getCommonFiles();
if (common.length) {
- common = '';
- MyBB.prompt(lang.update_confirm.replace("{1}", common), {
+ var list = document.createElement('ul');
+
+ $.map(common, function (val) {
+ var e = document.createElement('li');
+ e.textContent = val;
+ list.append(e);
+ });
+
+ MyBB.prompt(lang.update_confirm.replace("{1}", list.outerHTML), {
buttons: [
{ title: yes_confirm, value: true },
{ title: no_confirm, value: false }