authorFlorian Pritz <bluewind@xinu.at>2012-02-19 11:20:28 +0100
committerFlorian Pritz <bluewind@xinu.at>2012-02-19 11:20:28 +0100
commit28290de0665bdba2129fde7901b28b6299566e56 (patch)
tree6915340e054cc41da024fc33734778df19ad6173
parentf0ca06e49d6f916c1b0e6d49de3a6d8200d01d6e (diff)
encode special chars in some places
Signed-off-by: Florian Pritz <bluewind@xinu.at>
-rw-r--r--application/models/file_mod.php4
-rw-r--r--application/views/file/upload_history.php2
2 files changed, 3 insertions, 3 deletions
diff --git a/application/models/file_mod.php b/application/models/file_mod.php
index ee759b18f..05b4ef08c 100644
--- a/application/models/file_mod.php
+++ b/application/models/file_mod.php
@@ -266,7 +266,7 @@ class File_mod extends CI_Model {
exit();
}
- $data['title'] = $filedata['filename'];
+ $data['title'] = htmlspecialchars($filedata['filename']);
$data['raw_link'] = site_url($id);
$data['new_link'] = site_url();
$data['plain_link'] = site_url($id.'/plain');
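Review bot: `htmlspecialchars()` is called with its default flags on the `$data['title']` line, and on PHP versions before 8.1 that default is `ENT_COMPAT`, which leaves single quotes unencoded, so the encoding is incomplete if a view ever places `title` inside a single-quoted attribute. Passing flags and charset explicitly, `$data['title'] = htmlspecialchars($filedata['filename'], ENT_QUOTES, 'UTF-8');`, removes the dependency on runtime defaults; the same applies to `$mode` in the next hunk and to the filename cell in `upload_history.php`. Encoding in the model also ties the value to HTML context, so a later non-HTML use of `$data['title']`, or a view that escapes again, would see entity-encoded text. The enclosing method starts and ends outside the hunk.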
@@ -276,7 +276,7 @@ class File_mod extends CI_Model {
header("Content-Type: text/html\n");
- $data['current_highlight'] = $mode;
+ $data['current_highlight'] = htmlspecialchars($mode);
if (filesize($file) > $this->config->item("small_upload_size")) {
$data['timeout'] = date("r", $filedata["date"] + $this->config->item("upload_max_age"));
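Review bot: Encoding `$mode` on the `current_highlight` line only makes it safe to print; it does not constrain what the value is. Where `$mode` originates is not visible in this hunk, but if it is taken from the request it would be more robust to check it against the list of supported highlight modes before it is used at all, and to fall back to a default otherwise. A short comment such as `// $mode may be user-supplied; encoded here for HTML output only` would make the trust boundary explicit. The enclosing method continues outside the hunk.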
diff --git a/application/views/file/upload_history.php b/application/views/file/upload_history.php
index f4ae5051e..b90d59be8 100644
--- a/application/views/file/upload_history.php
+++ b/application/views/file/upload_history.php
@@ -19,7 +19,7 @@
<tr class="<?php echo even_odd(); ?>">
<td><a href="<?php echo site_url("file/delete/".$item["id"]); ?>"><img src="<?php echo base_url(); ?>data/img/fuge-icons/cross.png" /></a></td>
<td><a href="<?php echo site_url("/".$item["id"]); ?>/"><?php echo $item["id"]; ?></a></td>
- <td><?php echo $item["filename"]; ?></td>
+ <td><?php echo htmlspecialchars($item["filename"]); ?></td>
<td><?php echo $item["mimetype"]; ?></td>
<td><?php echo $item["date"]; ?></td>
<td><?php echo $item["hash"]; ?></td>
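Review bot: Only the filename cell is encoded; the `mimetype` cell on the next line is still echoed raw, as are `id`, `date` and `hash`. Whether the stored MIME type is detected server-side or taken from the upload is not visible here, so it should be treated as uploader-influenced and written as `<td><?php echo htmlspecialchars($item["mimetype"], ENT_QUOTES, 'UTF-8'); ?></td>`. The `id` is also interpolated into the `href` attributes on the lines above, which is safe only if ids are generated from a restricted alphabet, so that is worth confirming.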