From 9c366a4811dd0b919171f3de04c4cd781c5e8e20 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Fri, 16 Aug 2019 09:27:14 +0300
Subject: clean_filename: also remove markup

---
 include/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/functions.php b/include/functions.php
index c326ac468..e78f0de9d 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -593,7 +593,7 @@
 	}
 
 	function clean_filename($filename) {
-		return basename(preg_replace("/\.\.|[\/\\\]/", "", $filename));
+		return basename(preg_replace("/\.\.|[\/\\\]/", "", clean($filename)));
 	}
 
 	function make_password($length = 12) {
-- 
cgit v1.2.3