diff options
| author | Bjoern Schiessle <schiessle@owncloud.com> | 2012-06-25 14:38:11 +0400 |
|---|---|---|
| committer | Bjoern Schiessle <schiessle@owncloud.com> | 2012-06-25 14:38:11 +0400 |
| commit | 85ac75b4f4bbe9f55ac5e959a76027cb1be3a68e (patch) | |
| tree | a683f5f0393f281735b28628ad862de7b40fda9d | |
| parent | 0083dbb3ce569960e564b0d9e48a7db7736e6599 (diff) | |
xss vulnerability fixed
| -rw-r--r-- | apps/gallery/templates/index.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/apps/gallery/templates/index.php b/apps/gallery/templates/index.php index 1fdbea59575..e30052fafa3 100644 --- a/apps/gallery/templates/index.php +++ b/apps/gallery/templates/index.php @@ -14,7 +14,7 @@ div.visible { opacity: 0.8;} </style> <script type="text/javascript"> -var root = "<?php echo htmlentities($root); ?>"; +var root = "<?php echo $root; ?>"; function explode(element) { $('div', element).each(function(index, elem) { @@ -64,7 +64,7 @@ $(document).ready(function() { for ($i = 0; $i < count($paths); $i++) { $path .= urlencode($paths[$i]).'/'; $classess = 'crumb'.($i == count($paths)-1?' last':''); - echo '<div class="'.$classess.'" style="background-image:url(\''.\OCP\image_path('core','breadcrumb.png').'\')"><a href="'.\OCP\Util::linkTo('gallery', 'index.php').'&root='.$path.'">'.$paths[$i].'</a></div>'; + echo '<div class="'.$classess.'" style="background-image:url(\''.\OCP\image_path('core','breadcrumb.png').'\')"><a href="'.\OCP\Util::linkTo('gallery', 'index.php').'&root='.$path.'">'.\OCP\Util::sanitizeHTML($paths[$i]).'</a></div>'; } } |