From 8c1c456376b469fd3ca27aad8d0536f1983bddb2 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Mon, 16 Jan 2023 14:48:54 +0100
Subject: [PATCH] Remove questionable `@` in
 __singleMediaSelectionFormField.tpl

This looks like it is exploitable, because the value is not guaranteed to be an integer.
---
 com.woltlab.wcf/templates/__singleMediaSelectionFormField.tpl   | 2 +-
 .../files/acp/templates/__singleMediaSelectionFormField.tpl     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/com.woltlab.wcf/templates/__singleMediaSelectionFormField.tpl b/com.woltlab.wcf/templates/__singleMediaSelectionFormField.tpl
index 80a54f9ef5..aaec0dbd49 100644
--- a/com.woltlab.wcf/templates/__singleMediaSelectionFormField.tpl
+++ b/com.woltlab.wcf/templates/__singleMediaSelectionFormField.tpl
@@ -19,7 +19,7 @@
 		</div>
 	{/if}
 	<p class="button jsMediaSelectButton jsMediaSelectButton_{@$field->getPrefixedId()}" data-store="{@$field->getPrefixedId()}"{if $field->isImageOnly()} data-display="{@$field->getPrefixedId()}_preview"{/if}>{lang}wcf.media.choose{if $field->isImageOnly()}Image{else}File{/if}{/lang}</p>
-	<input type="hidden" name="{@$field->getPrefixedId()}" id="{@$field->getPrefixedId()}"{if $field->getValue()} value="{@$field->getValue()}"{/if}>
+	<input type="hidden" name="{@$field->getPrefixedId()}" id="{@$field->getPrefixedId()}"{if $field->getValue()} value="{$field->getValue()}"{/if}>
 	
 	<script data-relocate="true">
 		{include file='mediaJavaScript'}
diff --git a/wcfsetup/install/files/acp/templates/__singleMediaSelectionFormField.tpl b/wcfsetup/install/files/acp/templates/__singleMediaSelectionFormField.tpl
index 80a54f9ef5..aaec0dbd49 100644
--- a/wcfsetup/install/files/acp/templates/__singleMediaSelectionFormField.tpl
+++ b/wcfsetup/install/files/acp/templates/__singleMediaSelectionFormField.tpl
@@ -19,7 +19,7 @@
 		</div>
 	{/if}
 	<p class="button jsMediaSelectButton jsMediaSelectButton_{@$field->getPrefixedId()}" data-store="{@$field->getPrefixedId()}"{if $field->isImageOnly()} data-display="{@$field->getPrefixedId()}_preview"{/if}>{lang}wcf.media.choose{if $field->isImageOnly()}Image{else}File{/if}{/lang}</p>
-	<input type="hidden" name="{@$field->getPrefixedId()}" id="{@$field->getPrefixedId()}"{if $field->getValue()} value="{@$field->getValue()}"{/if}>
+	<input type="hidden" name="{@$field->getPrefixedId()}" id="{@$field->getPrefixedId()}"{if $field->getValue()} value="{$field->getValue()}"{/if}>
 	
 	<script data-relocate="true">
 		{include file='mediaJavaScript'}
-- 
2.20.1