Sanitize user input

This is a backport of 4f7c7c6 /cc @DeepDiver1975
author: Lukas Reschke <lukas@statuscode.ch> 2012-10-06 16:23:22 +0400
committer: Lukas Reschke <lukas@statuscode.ch> 2012-10-06 16:23:22 +0400
commit: b76a335dc98825a703f7c1134ac052a1c9fac9a8 (patch)
tree: 8d844934fffe197031cdc1f3df481c8284885f16 /apps
parent: 375eae1a5c1cd97501e6f2b770ee2b22668a91e1 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/apps/files/templates/part.breadcrumb.php b/apps/files/templates/part.breadcrumb.php
index 43fe2d1fa95..abbe25274d8 100644
--- a/apps/files/templates/part.breadcrumb.php
+++ b/apps/files/templates/part.breadcrumb.php
@@ -1,6 +1,6 @@
 	<?php for($i=0; $i<count($_["breadcrumb"]); $i++):
         $crumb = $_["breadcrumb"][$i]; ?>
-		<div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" data-dir='<?php echo $crumb["dir"];?>' style='background-image:url("<?php echo OCP\image_path('core','breadcrumb.png');?>")'>
-    		<a href="<?php echo $_['baseURL'].$crumb["dir"]; ?>"><?php echo htmlentities($crumb["name"],ENT_COMPAT,'utf-8'); ?></a>
+		<div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" data-dir='<?php echo urlencode($crumb["dir"]);?>' style='background-image:url("<?php echo OCP\image_path('core','breadcrumb.png');?>")'>
+		<a href="<?php echo $_['baseURL'].urlencode($crumb["dir"]); ?>"><?php echo OCP\Util::sanitizeHTML($crumb["name"]); ?></a>
 		</div>
-	<?php endfor;?>
+	<?php endfor;?>
+\ No newline at end of file
author	Lukas Reschke <lukas@statuscode.ch>	2012-10-06 16:23:22 +0400
committer	Lukas Reschke <lukas@statuscode.ch>	2012-10-06 16:23:22 +0400
commit	b76a335dc98825a703f7c1134ac052a1c9fac9a8 (patch)
tree	8d844934fffe197031cdc1f3df481c8284885f16 /apps
parent	375eae1a5c1cd97501e6f2b770ee2b22668a91e1 (diff)