xss vulnerability fixed

remotes/origin/stable4
Bjoern Schiessle 13 years ago
parent 0083dbb3ce
commit 85ac75b4f4
  1. 4
      apps/gallery/templates/index.php

@ -14,7 +14,7 @@ div.visible { opacity: 0.8;}
</style> </style>
<script type="text/javascript"> <script type="text/javascript">
var root = "<?php echo htmlentities($root); ?>"; var root = "<?php echo $root; ?>";
function explode(element) { function explode(element) {
$('div', element).each(function(index, elem) { $('div', element).each(function(index, elem) {
@ -64,7 +64,7 @@ $(document).ready(function() {
for ($i = 0; $i < count($paths); $i++) { for ($i = 0; $i < count($paths); $i++) {
$path .= urlencode($paths[$i]).'/'; $path .= urlencode($paths[$i]).'/';
$classess = 'crumb'.($i == count($paths)-1?' last':''); $classess = 'crumb'.($i == count($paths)-1?' last':'');
echo '<div class="'.$classess.'" style="background-image:url(\''.\OCP\image_path('core','breadcrumb.png').'\')"><a href="'.\OCP\Util::linkTo('gallery', 'index.php').'&root='.$path.'">'.$paths[$i].'</a></div>'; echo '<div class="'.$classess.'" style="background-image:url(\''.\OCP\image_path('core','breadcrumb.png').'\')"><a href="'.\OCP\Util::linkTo('gallery', 'index.php').'&root='.$path.'">'.\OCP\Util::sanitizeHTML($paths[$i]).'</a></div>';
} }
} }
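Review bot: `$root` is echoed into a JavaScript string literal in the first hunk (`var root = "<?php echo … ?>";`), and this rendering shows one variant wrapped in `htmlentities()` and one bare, without marking which is the new side. If the bare echo is the new code, it is only safe when `$root` is already encoded before it reaches the template, which is not visible here and should be stated in a comment at that line. HTML-entity encoding is also the wrong encoder for a script context, since it leaves backslashes and line breaks untouched, so I would emit the value as `var root = <?php echo json_encode($root, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;`. The `\OCP\Util::sanitizeHTML($paths[$i])` call in the second hunk is the right encoding for the link text; the surrounding script block and loop start and end outside the hunks.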
