From 28290de0665bdba2129fde7901b28b6299566e56 Mon Sep 17 00:00:00 2001
From: Florian Pritz <bluewind@xinu.at>
Date: Sun, 19 Feb 2012 11:20:28 +0100
Subject: encode special chars in some places

Signed-off-by: Florian Pritz <bluewind@xinu.at>
---
 application/models/file_mod.php           | 4 ++--
 application/views/file/upload_history.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'application')

diff --git a/application/models/file_mod.php b/application/models/file_mod.php
index ee759b18f..05b4ef08c 100644
--- a/application/models/file_mod.php
+++ b/application/models/file_mod.php
@@ -266,7 +266,7 @@ class File_mod extends CI_Model {
 			exit();
 		}
 
-		$data['title'] = $filedata['filename'];
+		$data['title'] = htmlspecialchars($filedata['filename']);
 		$data['raw_link'] = site_url($id);
 		$data['new_link'] = site_url();
 		$data['plain_link'] = site_url($id.'/plain');
@@ -276,7 +276,7 @@ class File_mod extends CI_Model {
 
 		header("Content-Type: text/html\n");
 
-		$data['current_highlight'] = $mode;
+		$data['current_highlight'] = htmlspecialchars($mode);
 
 		if (filesize($file) > $this->config->item("small_upload_size")) {
 			$data['timeout'] = date("r", $filedata["date"] + $this->config->item("upload_max_age"));
diff --git a/application/views/file/upload_history.php b/application/views/file/upload_history.php
index f4ae5051e..b90d59be8 100644
--- a/application/views/file/upload_history.php
+++ b/application/views/file/upload_history.php
@@ -19,7 +19,7 @@
 <tr class="<?php echo even_odd(); ?>">
 	<td><a href="<?php echo site_url("file/delete/".$item["id"]); ?>"><img src="<?php echo base_url(); ?>data/img/fuge-icons/cross.png" /></a></td>
 	<td><a href="<?php echo site_url("/".$item["id"]); ?>/"><?php echo $item["id"]; ?></a></td>
-	<td><?php echo $item["filename"]; ?></td>
+	<td><?php echo htmlspecialchars($item["filename"]); ?></td>
 	<td><?php echo $item["mimetype"]; ?></td>
 	<td><?php echo $item["date"]; ?></td>
 	<td><?php echo $item["hash"]; ?></td>
-- 
cgit v1.2.3-24-g4f1b