Escape file name in filepicker

author: Thomas Tanghus <thomas@tanghus.net> 2013-05-15 18:22:47 +0400
committer: Thomas Tanghus <thomas@tanghus.net> 2013-05-15 18:22:47 +0400
commit: 600afadd517ca5cbd2a7b9426ea8f9d9e085e86f (patch)
tree: dafd00986b210705d5d6960e68c60ae5d8218b43
parent: 349f57c5786d16fe6cdc287471047e22c9443117 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/core/js/oc-dialogs.js b/core/js/oc-dialogs.js
index 22667dcb666..5c60ea379b6 100644
--- a/core/js/oc-dialogs.js
+++ b/core/js/oc-dialogs.js
@@ -219,7 +219,7 @@ var OCdialogs = {
 		var entry_template = '<div onclick="javascript:OC.dialogs.handlePickerClick(this, \'*ENTRYNAME*\',\''+dialog_content_id+'\')" data="*ENTRYTYPE*"><img src="*MIMETYPEICON*" style="margin-right:1em;"><span id="filename">*NAME*</span><div style="float:right;margin-right:1em;">*LASTMODDATE*</div></div>';
 		var names = '';
 		$.each(r.data, function(index, a) {
-			names += entry_template.replace('*LASTMODDATE*', OC.mtime2date(a.mtime)).replace('*NAME*', a.name).replace('*MIMETYPEICON*', a.mimetype_icon).replace('*ENTRYNAME*', a.name).replace('*ENTRYTYPE*', a.type);
+			names += entry_template.replace('*LASTMODDATE*', OC.mtime2date(a.mtime)).replace('*NAME*', escapeHTML(a.name)).replace('*MIMETYPEICON*', a.mimetype_icon).replace('*ENTRYNAME*', escapeHTML(a.name)).replace('*ENTRYTYPE*', a.type);
 		});
 
 		$(dialog_content_id + ' #filelist').html(names);
author	Thomas Tanghus <thomas@tanghus.net>	2013-05-15 18:22:47 +0400
committer	Thomas Tanghus <thomas@tanghus.net>	2013-05-15 18:22:47 +0400
commit	600afadd517ca5cbd2a7b9426ea8f9d9e085e86f (patch)
tree	dafd00986b210705d5d6960e68c60ae5d8218b43
parent	349f57c5786d16fe6cdc287471047e22c9443117 (diff)