From 2634244f96180db6ef42043fc17ea0e4c483df64 Mon Sep 17 00:00:00 2001
From: ovclas
Date: Tue, 28 Feb 2012 05:18:21 +0000
Subject: [PATCH] xss defense change
git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@10227 201d5d3c-b55e-5fd7-737f-ddc643e51545
---
 classes/context/Context.class.php | 1 +
 modules/file/file.controller.php | 3 ---
 2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/classes/context/Context.class.php b/classes/context/Context.class.php
index e349e7704..bef30a977 100644
--- a/classes/context/Context.class.php
+++ b/classes/context/Context.class.php
@@ -758,6 +758,7 @@ class Context {
 foreach($_FILES as $key => $val) {
 $tmp_name = $val['tmp_name'];
 if(!$tmp_name || !is_uploaded_file($tmp_name)) continue;
+ $val['name'] = htmlspecialchars($val['name']);
 $this->set($key, $val, true);
 $this->is_uploaded = true;
 }
diff --git a/modules/file/file.controller.php b/modules/file/file.controller.php
index 5cabb3bc6..874b267d7 100644
--- a/modules/file/file.controller.php
+++ b/modules/file/file.controller.php
@@ -512,9 +512,6 @@ $args->member_srl = $member_srl;
 $args->sid = md5(rand(rand(1111111,4444444),rand(4444445,9999999)));
- $security = new Security($args->source_filename);
- $args->source_filename = $security->encodeHTML();
-
 $output = executeQuery('file.insertFile', $args);
 if(!$output->toBool()) return $output;
 // Call a trigger (after)
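Review bot: The added `$val['name'] = htmlspecialchars($val['name']);` in the Context hunk encodes the upload name at request-parse time, so the entity-encoded form (`&amp;`, `&quot;`, `&lt;` …) is what every later reader of that value receives, including any sink that is not HTML — the `source_filename` stored by file.controller.php, and any header or filesystem use of the name if one exists downstream; the companion hunk in file.controller.php removes the `Security::encodeHTML()` call on that basis, so escaping now happens exactly once and at the input layer rather than at each output site. The call also depends on PHP-version defaults: without `ENT_QUOTES` a single quote passes through unencoded, and the default charset before PHP 5.4 is ISO-8859-1, so at minimum it should read `$val['name'] = htmlspecialchars($val['name'], ENT_QUOTES, 'UTF-8');`. The more robust shape is to keep the raw name in the request object and encode per HTML context at render time, which the removed per-field wrapper in file.controller.php was closer to. The method enclosing the `foreach($_FILES …)` loop starts outside the hunk, and the file.controller.php hunk is a fragment of a larger function whose `$file_info` origin is not visible here.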