From 4f7c7c615e6eb0e3818b28a24d8cf77cd7546e19 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Schie=C3=9Fle?= <schiessle@owncloud.com>
Date: Fri, 5 Oct 2012 17:05:23 +0200
Subject: [PATCH] prevent xss attacks

---
 apps/files/templates/part.breadcrumb.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/files/templates/part.breadcrumb.php b/apps/files/templates/part.breadcrumb.php
index 875fc747bb..71b695f65f 100644
--- a/apps/files/templates/part.breadcrumb.php
+++ b/apps/files/templates/part.breadcrumb.php
@@ -1,6 +1,6 @@
 	<?php for($i=0; $i<count($_["breadcrumb"]); $i++):
         $crumb = $_["breadcrumb"][$i]; ?>
-		<div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" data-dir='<?php echo $crumb["dir"];?>' style='background-image:url("<?php echo OCP\image_path('core','breadcrumb.png');?>")'>
-		<a href="<?php echo $_['baseURL'].$crumb["dir"]; ?>"><?php echo OCP\Util::sanitizeHTML($crumb["name"]); ?></a>
+		<div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" data-dir='<?php echo urlencode($crumb["dir"]);?>' style='background-image:url("<?php echo OCP\image_path('core','breadcrumb.png');?>")'>
+		<a href="<?php echo $_['baseURL'].urlencode($crumb["dir"]); ?>"><?php echo OCP\Util::sanitizeHTML($crumb["name"]); ?></a>
 		</div>
 	<?php endfor;?>
-- 
GitLab