From 3a0d9ac4429b45d720a6090b0850ddd66dc43348 Mon Sep 17 00:00:00 2001
From: Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de>
Date: Fri, 1 Sep 2023 11:19:58 +0000
Subject: [PATCH] remove bogus escapeshellcmd(), fixes #3124

Closes #3124

Merge request studip/studip!2106
---
 public/sendfile.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/sendfile.php b/public/sendfile.php
index e159c8ddef9..7d6517cea08 100644
--- a/public/sendfile.php
+++ b/public/sendfile.php
@@ -54,7 +54,7 @@ PluginEngine::loadPlugins();
 // Set Base URL, otherwise links will fail on SENDFILE_LINK_MODE = rewrite
 URLHelper::setBaseURL($GLOBALS['ABSOLUTE_URI_STUDIP']);
 
-$file_id = escapeshellcmd(basename(Request::get('file_id')));
+$file_id = basename(Request::get('file_id'));
 $type = Request::int('type');
 if ($type < 0 || $type > 7) {
     $type = 0;
-- 
GitLab