From 2454961389100d47d314e23a23b7105e9288edff Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Mon, 2 Jan 2023 14:14:30 +0000
Subject: [PATCH] Escape special characters in a shared doc/file/login name to
 prevent potentially breaking the ajax sharing log query

---
 ajax.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ajax.php b/ajax.php
index 9ccc27d0..39a88a6b 100644
--- a/ajax.php
+++ b/ajax.php
@@ -222,19 +222,19 @@ if (isset($_GET['share_generate_link'])) {
 
     if ($item_type == "Document") {
         $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_id' AND document_client_id = '$client_id' LIMIT 1"));
-        $item_name = $row['document_name'];
+        $item_name = strip_tags(mysqli_real_escape_string($mysqli, $row['document_name']));
     }
 
     if ($item_type == "File") {
         $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = '$item_id' AND file_client_id = '$client_id' LIMIT 1"));
-        $item_name = $row['file_name'];
+        $item_name = strip_tags(mysqli_real_escape_string($mysqli, $row['file_name']));
     }
 
     if ($item_type == "Login") {
         $login = mysqli_query($mysqli, "SELECT login_name, login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
         $row = mysqli_fetch_array($login);
 
-        $item_name = $row['login_name'];
+        $item_name = strip_tags(mysqli_real_escape_string($mysqli, $row['login_name']));
 
         // Decrypt & re-encrypt password for sharing
         $login_password_cleartext = decryptLoginEntry($row['login_password']);