Commit 85ac75b4 authored by Björn Schießle's avatar Björn Schießle

xss vulnerability fixed

parent 0083dbb3
......@@ -14,7 +14,7 @@ div.visible { opacity: 0.8;}
</style>
<script type="text/javascript">
var root = "<?php echo htmlentities($root); ?>";
var root = "<?php echo $root; ?>";
function explode(element) {
$('div', element).each(function(index, elem) {
......@@ -64,7 +64,7 @@ $(document).ready(function() {
for ($i = 0; $i < count($paths); $i++) {
$path .= urlencode($paths[$i]).'/';
$classess = 'crumb'.($i == count($paths)-1?' last':'');
echo '<div class="'.$classess.'" style="background-image:url(\''.\OCP\image_path('core','breadcrumb.png').'\')"><a href="'.\OCP\Util::linkTo('gallery', 'index.php').'&root='.$path.'">'.$paths[$i].'</a></div>';
echo '<div class="'.$classess.'" style="background-image:url(\''.\OCP\image_path('core','breadcrumb.png').'\')"><a href="'.\OCP\Util::linkTo('gallery', 'index.php').'&root='.$path.'">'.\OCP\Util::sanitizeHTML($paths[$i]).'</a></div>';
}
}
......
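Review bot: The `var root = "…";` line in the first hunk writes `$root` into a JavaScript string literal inside a `<script>` block, and neither variant shown (raw `$root` or `htmlentities($root)`) is the right encoding for that context; this rendered page does not show which of the two is the new side. HTML-entity encoding leaves backslashes and line breaks untouched and hands the script an entity-mangled value, while the raw echo is only safe if `$root` was neutralised before it reached the template, which is not visible here. I would emit the literal with `var root = <?php echo json_encode($root, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;`, without the surrounding quotes. In the second hunk, the variant that wraps the link text in `\OCP\Util::sanitizeHTML()` covers the element content only; the `href` is assembled from the `\OCP\Util::linkTo()` return value and a literal `&root=` with no attribute encoding, so encoding the assembled URL for the attribute would make that line consistent.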