From 4485788c544eb1aae52ca613bd9626129e3df6ee Mon Sep 17 00:00:00 2001
From: Brian Kephart
Date: Mon, 10 Apr 2023 19:19:56 -0500
Subject: [PATCH] Sanitize error messages when rendering directly
---
 app/controllers/camaleon_cms/admin/media_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/controllers/camaleon_cms/admin/media_controller.rb b/app/controllers/camaleon_cms/admin/media_controller.rb
index ed45bd82..75c1946e 100644
--- a/app/controllers/camaleon_cms/admin/media_controller.rb
+++ b/app/controllers/camaleon_cms/admin/media_controller.rb
@@ -80,7 +80,7 @@ def actions
 cama_tmp_upload(params[:url], formats: params[:formats], name: params[:name])
 end
 if r[:error].present?
- render plain: r[:error]
+ render plain: helpers.sanitize(r[:error])
 else
 params[:file_upload] = r[:file_path]
 sett = { remove_source: true }
@@ -106,7 +106,7 @@ def upload(settings = {})
 end
 if f[:error].present?
- render plain: f[:error]
+ render plain: helpers.sanitize(f[:error])
 else
 render partial: 'render_file_item', locals: { files: [f] }
 end
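Review bot: `helpers.sanitize` in the `r[:error]` branch of `actions` (and the identical call on `f[:error]` in `upload`) is an allow-list HTML sanitizer, so markup on the Rails default allow-list, such as links and images, still passes through; it removes script content but does not turn the message into inert text. Because the response is sent with `render plain:`, the sanitizing only matters if the caller inserts the body into the page as HTML, which is presumably the case here but is not visible in these hunks. If the error strings can echo request data (`params[:url]`, `params[:name]` or an uploaded file name), full escaping is the tighter fix: `render plain: ERB::Util.html_escape(r[:error])`, or `helpers.strip_tags(r[:error])`, with the same change for `f[:error]`. The diffstat shows only the controller changed, so a request spec asserting that markup in an error message comes back neutralised would keep this from regressing. Both method bodies continue outside the hunks.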