encode special chars in some places

Signed-off-by: Florian Pritz <bluewind@xinu.at>
author: Florian Pritz <bluewind@xinu.at> 2012-02-19 11:20:28 +0100
committer: Florian Pritz <bluewind@xinu.at> 2012-02-19 11:20:28 +0100
commit: 28290de0665bdba2129fde7901b28b6299566e56 (patch)
tree: 6915340e054cc41da024fc33734778df19ad6173 /application/models/file_mod.php
parent: f0ca06e49d6f916c1b0e6d49de3a6d8200d01d6e (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/application/models/file_mod.php b/application/models/file_mod.php
index ee759b18f..05b4ef08c 100644
--- a/application/models/file_mod.php
+++ b/application/models/file_mod.php
@@ -266,7 +266,7 @@ class File_mod extends CI_Model {
 			exit();
 		}
 
-		$data['title'] = $filedata['filename'];
+		$data['title'] = htmlspecialchars($filedata['filename']);
 		$data['raw_link'] = site_url($id);
 		$data['new_link'] = site_url();
 		$data['plain_link'] = site_url($id.'/plain');
@@ -276,7 +276,7 @@ class File_mod extends CI_Model {
 
 		header("Content-Type: text/html\n");
 
-		$data['current_highlight'] = $mode;
+		$data['current_highlight'] = htmlspecialchars($mode);
 
 		if (filesize($file) > $this->config->item("small_upload_size")) {
 			$data['timeout'] = date("r", $filedata["date"] + $this->config->item("upload_max_age"));
author	Florian Pritz <bluewind@xinu.at>	2012-02-19 11:20:28 +0100
committer	Florian Pritz <bluewind@xinu.at>	2012-02-19 11:20:28 +0100
commit	28290de0665bdba2129fde7901b28b6299566e56 (patch)
tree	6915340e054cc41da024fc33734778df19ad6173 /application/models/file_mod.php
parent	f0ca06e49d6f916c1b0e6d49de3a6d8200d01d6e (diff)