diff options
| author | Robin Appelman <icewind1991@gmail.com> | 2011-09-30 12:57:39 +0400 |
|---|---|---|
| committer | Robin Appelman <icewind1991@gmail.com> | 2011-09-30 12:59:46 +0400 |
| commit | 51e68729de3402fd7bc90e123c432538659b6b31 (patch) | |
| tree | e98544cf1a703df28a3ad9e7a042fd6a160f7b08 /files | |
| parent | 35d490f8e98063ab526e30f6382834895fdaca19 (diff) | |
escape file and directory names when downloading files
Diffstat (limited to 'files')
| -rw-r--r-- | files/js/fileactions.js | 2 | ||||
| -rw-r--r-- | files/templates/part.list.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/files/js/fileactions.js b/files/js/fileactions.js index ddb16ecd5fd..0089c235ebf 100644 --- a/files/js/fileactions.js +++ b/files/js/fileactions.js @@ -125,7 +125,7 @@ FileActions={ } FileActions.register('all','Download',function(){return OC.imagePath('core','actions/download')},function(filename){ - window.location='ajax/download.php?files='+filename+'&dir='+$('#dir').val(); + window.location='ajax/download.php?files='+encodeURIComponent(filename)+'&dir='+encodeURIComponent($('#dir').val()); }); FileActions.register('all','Delete',function(){return OC.imagePath('core','actions/delete')},function(filename){ diff --git a/files/templates/part.list.php b/files/templates/part.list.php index 398094f56d0..6bf5efe2fb2 100644 --- a/files/templates/part.list.php +++ b/files/templates/part.list.php @@ -8,7 +8,7 @@ <tr data-file="<?php echo $file['name'];?>" data-type="<?php echo ($file['type'] == 'dir')?'dir':'file'?>" data-mime="<?php echo $file['mime']?>" data-size='<?php echo $file['size'];?>'> <td class="filename svg" style="background-image:url(<?php if($file['type'] == 'dir') echo mimetype_icon('dir'); else echo mimetype_icon($file['mime']); ?>)"> <?php if(!isset($_['readonly']) || !$_['readonly']) { ?><input type="checkbox" /><?php } ?> - <a class="name" href="<?php if($file['type'] == 'dir') echo $_['baseURL'].$file['directory'].'/'.$file['name']; else echo $_['downloadURL'].$file['directory'].'/'.$file['name']; ?>" title=""> + <a class="name" href="<?php if($file['type'] == 'dir') echo $_['baseURL'].$file['directory'].'/'.$file['name']; else echo $_['downloadURL'].urlencode($file['directory']).'/'.urlencode($file['name']); ?>" title=""> <span class="nametext"> <?php if($file['type'] == 'dir'):?> <?php echo htmlspecialchars($file['name']);?> |