diff options
author | Lukas Reschke <lukas@statuscode.ch> | 2012-10-06 16:23:22 +0400 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2012-10-06 16:23:22 +0400 |
commit | b76a335dc98825a703f7c1134ac052a1c9fac9a8 (patch) | |
tree | 8d844934fffe197031cdc1f3df481c8284885f16 /apps | |
parent | 375eae1a5c1cd97501e6f2b770ee2b22668a91e1 (diff) |
Sanitize user input
This is a backport of 4f7c7c6 /cc @DeepDiver1975
Diffstat (limited to 'apps')
-rw-r--r-- | apps/files/templates/part.breadcrumb.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/apps/files/templates/part.breadcrumb.php b/apps/files/templates/part.breadcrumb.php index 43fe2d1fa95..abbe25274d8 100644 --- a/apps/files/templates/part.breadcrumb.php +++ b/apps/files/templates/part.breadcrumb.php @@ -1,6 +1,6 @@ <?php for($i=0; $i<count($_["breadcrumb"]); $i++): $crumb = $_["breadcrumb"][$i]; ?> - <div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" data-dir='<?php echo $crumb["dir"];?>' style='background-image:url("<?php echo OCP\image_path('core','breadcrumb.png');?>")'> - <a href="<?php echo $_['baseURL'].$crumb["dir"]; ?>"><?php echo htmlentities($crumb["name"],ENT_COMPAT,'utf-8'); ?></a> + <div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" data-dir='<?php echo urlencode($crumb["dir"]);?>' style='background-image:url("<?php echo OCP\image_path('core','breadcrumb.png');?>")'> + <a href="<?php echo $_['baseURL'].urlencode($crumb["dir"]); ?>"><?php echo OCP\Util::sanitizeHTML($crumb["name"]); ?></a> </div> - <?php endfor;?> + <?php endfor;?>
\ No newline at end of file |