diff options
author | Florian Pritz <bluewind@xinu.at> | 2012-02-19 11:20:28 +0100 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2012-02-19 11:20:28 +0100 |
commit | 28290de0665bdba2129fde7901b28b6299566e56 (patch) | |
tree | 6915340e054cc41da024fc33734778df19ad6173 | |
parent | f0ca06e49d6f916c1b0e6d49de3a6d8200d01d6e (diff) |
encode special chars in some places
Signed-off-by: Florian Pritz <bluewind@xinu.at>
-rw-r--r-- | application/models/file_mod.php | 4 | ||||
-rw-r--r-- | application/views/file/upload_history.php | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/application/models/file_mod.php b/application/models/file_mod.php index ee759b18f..05b4ef08c 100644 --- a/application/models/file_mod.php +++ b/application/models/file_mod.php @@ -266,7 +266,7 @@ class File_mod extends CI_Model { exit(); } - $data['title'] = $filedata['filename']; + $data['title'] = htmlspecialchars($filedata['filename']); $data['raw_link'] = site_url($id); $data['new_link'] = site_url(); $data['plain_link'] = site_url($id.'/plain'); @@ -276,7 +276,7 @@ class File_mod extends CI_Model { header("Content-Type: text/html\n"); - $data['current_highlight'] = $mode; + $data['current_highlight'] = htmlspecialchars($mode); if (filesize($file) > $this->config->item("small_upload_size")) { $data['timeout'] = date("r", $filedata["date"] + $this->config->item("upload_max_age")); diff --git a/application/views/file/upload_history.php b/application/views/file/upload_history.php index f4ae5051e..b90d59be8 100644 --- a/application/views/file/upload_history.php +++ b/application/views/file/upload_history.php @@ -19,7 +19,7 @@ <tr class="<?php echo even_odd(); ?>"> <td><a href="<?php echo site_url("file/delete/".$item["id"]); ?>"><img src="<?php echo base_url(); ?>data/img/fuge-icons/cross.png" /></a></td> <td><a href="<?php echo site_url("/".$item["id"]); ?>/"><?php echo $item["id"]; ?></a></td> - <td><?php echo $item["filename"]; ?></td> + <td><?php echo htmlspecialchars($item["filename"]); ?></td> <td><?php echo $item["mimetype"]; ?></td> <td><?php echo $item["date"]; ?></td> <td><?php echo $item["hash"]; ?></td> |