From 61212e3f96a171ebdc0a051c10917d70a6d96367 Mon Sep 17 00:00:00 2001
From: skodak <skodak>
Date: Wed, 30 Aug 2006 08:03:12 +0000
Subject: [PATCH] better input validation in files/index.php SC#307

---
 files/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/files/index.php b/files/index.php
index 238dd729e3..ef30710696 100644
--- a/files/index.php
+++ b/files/index.php
@@ -16,7 +16,7 @@
     $action  = optional_param('action', '', PARAM_ACTION);
     $name    = optional_param('name', '', PARAM_FILE);
     $oldname = optional_param('oldname', '', PARAM_FILE);
-    $choose  = optional_param('choose', '', PARAM_CLEAN);
+    $choose  = optional_param('choose', '', PARAM_FILE); //in fact it is always 'formname.inputname'
     $userfile= optional_param('userfile','',PARAM_FILE);
     $save    = optional_param('save', 0, PARAM_BOOL);
     $text    = optional_param('text', '', PARAM_RAW);
-- 
2.39.5