From 9552c55ad8fe71aa742db1729b0d48ca4afd339a Mon Sep 17 00:00:00 2001
From: noobpk
Date: Tue, 16 Nov 2021 22:23:11 +0700
Subject: [PATCH] Fix Stored XSS via filename when upload file
Disclosure: https://huntr.dev/bounties/e613680f-e3de-442d-8032-330890c49885/
---
src/domain/projects/templates/showProject.tpl.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/domain/projects/templates/showProject.tpl.php b/src/domain/projects/templates/showProject.tpl.php
index 1e2bd89db..202f93f2d 100644
--- a/src/domain/projects/templates/showProject.tpl.php
+++ b/src/domain/projects/templates/showProject.tpl.php
@@ -101,7 +101,7 @@
-
+ e($file['realName']) ?>
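Review bot: The escaping is applied at this one output site only: the added line prints `$file['realName']` through `e()`, but the uploaded filename is presumably still stored as submitted, so any other template or attribute that prints the same field would stay exposed to the stored XSS named in the subject. The hunk's context lines are not visible in this view, so I cannot tell whether `realName` also appears nearby in a link title or `href`; those are worth checking, along with a search of the other file-list templates for unescaped uses of `realName`. I would also add a short template comment beside this line, `<?php // realName is user-controlled (upload filename): always print via e() ?>`, and a regression test that stores a file whose name contains markup and asserts the rendered page shows it only in escaped form.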