From d4f0d6db966af4dd7d83c978125635f03895b81a Mon Sep 17 00:00:00 2001
From: Roland Gruber <post@rolandgruber.de>
Date: Mon, 12 Mar 2018 19:53:41 +0100
Subject: [PATCH] check input

---
 lam/templates/upload/masscreate.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lam/templates/upload/masscreate.php b/lam/templates/upload/masscreate.php
index 711b855e..80789871 100644
--- a/lam/templates/upload/masscreate.php
+++ b/lam/templates/upload/masscreate.php
@@ -142,7 +142,7 @@ if (isset($_POST['type'])) {
 // show start page
 $divClass = 'user';
 if (isset($_REQUEST['type'])) {
-	$divClass = \LAM\TYPES\getScopeFromTypeId($_REQUEST['type']);
+	$divClass = htmlspecialchars(\LAM\TYPES\getScopeFromTypeId($_REQUEST['type']));
 }
 echo '<div class="' . $divClass . '-bright smallPaddingContent">';
 echo "<div class=\"title\">\n";