open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Replaced urlencode() and urldecode() with htmlspecialchars() and htmlspecialchars_decode()

Browse Source
remotes/origin/stable
Tom Needham 14 years ago
parent 2ca74dc334
commit 4fe993a55d
1 changed files with 3 additions and 3 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 6
      apps/editor/ajax/savefile.php

6
apps/editor/ajax/savefile.php
Unescape View File

@ -28,7 +28,7 @@ require_once('../../../lib/base.php');
OC_JSON::checkLoggedIn();
// Save the file data
$filecontents = $_POST['filecontents'];
$filecontents = htmlspecialchars_decode($_POST['filecontents']);
$file = $_POST['file'];
$dir = $_POST['dir'];
$path = $dir.'/'.$file;
@ -37,7 +37,7 @@ $sessionname = md5('oc_file_hash_'.$path);
function do_save($path,$filecontents){
$sessionname = md5('oc_file_hash_'.$path);
OC_Filesystem::update_session_file_hash($sessionname,md5(urlencode($filecontents)));
OC_Filesystem::update_session_file_hash($sessionname,md5(htmlspecialchars($filecontents)));
OC_Filesystem::file_put_contents($path, $filecontents);
}
@ -45,7 +45,7 @@ function do_save($path,$filecontents){
if(isset($_SESSION[$sessionname])){
if(!empty($_SESSION[$sessionname])){
// Compare to current hash of file.
$savedfilecontents = urlencode(OC_Filesystem::file_get_contents($path));
$savedfilecontents = htmlspecialchars(OC_Filesystem::file_get_contents($path));
$hash = md5($savedfilecontents);
$originalhash = $_SESSION[$sessionname];
// Compare with hash taken when file was opened

Write Preview
Loading…
Cancel
Save