Sanitize file names

author: Lukas Reschke <lukas@statuscode.ch> 2012-10-12 17:42:15 +0400
committer: Lukas Reschke <lukas@statuscode.ch> 2012-10-12 17:42:15 +0400
commit: 77eff3479da0997deeaf2f6590e48c9e79e0fa65 (patch)
tree: 8e78a7b6e775a21121d6e3f45b59380b3f59c677
parent: 299c6646552afb5a75b7312e54011b35e0b1f0e2 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/apps/files/js/filelist.js b/apps/files/js/filelist.js
index c3eb906f39e..22ae4d6e938 100644
--- a/apps/files/js/filelist.js
+++ b/apps/files/js/filelist.js
@@ -14,9 +14,9 @@ FileList={
 			var extension=false;
 		}
 		html+='<td class="filename" style="background-image:url('+img+')"><input type="checkbox" />';
-		html+='<a class="name" href="download.php?file='+$('#dir').val().replace(/</, '&lt;').replace(/>/, '&gt;')+'/'+name+'"><span class="nametext">'+basename
+		html+='<a class="name" href="download.php?file='+$('#dir').val().replace(/</, '&lt;').replace(/>/, '&gt;')+'/'+escapeHTML(name)+'"><span class="nametext">'+escapeHTML(basename)
 		if(extension){
-			html+='<span class="extension">'+extension+'</span>';
+			html+='<span class="extension">'+escapeHTML(extension)+'</span>';
 		}
 		html+='</span></a></td>';
 		if(size!='Pending'){
author	Lukas Reschke <lukas@statuscode.ch>	2012-10-12 17:42:15 +0400
committer	Lukas Reschke <lukas@statuscode.ch>	2012-10-12 17:42:15 +0400
commit	77eff3479da0997deeaf2f6590e48c9e79e0fa65 (patch)
tree	8e78a7b6e775a21121d6e3f45b59380b3f59c677
parent	299c6646552afb5a75b7312e54011b35e0b1f0e2 (diff)