Security: Remove possible XSS when showing file name selected

2 years ago · a63e03ef96
parent 78d9462b1f
commit a63e03ef96
1 changed files with 1 additions and 1 deletions
--- a/main/inc/lib/pear/HTML/QuickForm/file.php
+++ b/main/inc/lib/pear/HTML/QuickForm/file.php
@ -460,7 +460,7 @@ class HTML_QuickForm_file extends HTML_QuickForm_input
                                if (this.files[0]) {
                                    fileName = this.files[0].name;
                                }
-                                the_return.innerHTML = fileName;
+                                the_return.textContent = fileName;
                            });
                        </script>
                    ';