sanitizeHTML() has to be called later to keep the path unchanged

a09a01a4 · Björn Schießle · a4c47c67 · a09a01a4 · a09a01a4
Commit a09a01a4 authored 13 years ago by Björn Schießle
--- a/apps/gallery/index.php
+++ b/apps/gallery/index.php
@@ -94,7 +94,7 @@ for($i = 0; $i<count($root_images); $i++) {
 }
 $tmpl = new OCP\Template( 'gallery', 'index', 'user' );
-$tmpl->assign('root', $root);
+$tmpl->assign('root', $root, false);
 $tmpl->assign('tl', $tl, false);
 $tmpl->printPage();
 ?>
--- a/apps/gallery/templates/index.php
+++ b/apps/gallery/templates/index.php
 <script type="text/javascript">
-var root = "<?php echo OCP\Util::sanitizeHTML($_['root']); ?>";
+var root = "<?php echo $_['root']; ?>";
 $(document).ready(function() {
 		$("a[rel=images]").fancybox({
@@ -18,7 +18,7 @@ $(document).ready(function() {
 		for ($i = 0; $i < count($paths); $i++) {
 			$path .= urlencode($paths[$i]).'/';
 			$classess = 'crumb'.($i == count($paths)-1?' last':'');
-			echo '<div class="'.$classess.'" style="background-image:url(\''.\OCP\image_path('core','breadcrumb.png').'\')"><a href="'.\OCP\Util::linkTo('gallery', 'index.php').'&root='.$path.'">'.$paths[$i].'</a></div>';
+			echo '<div class="'.$classess.'" style="background-image:url(\''.\OCP\image_path('core','breadcrumb.png').'\')"><a href="'.\OCP\Util::linkTo('gallery', 'index.php').'&root='.$path.'">'.OCP\Util::sanitizeHTML($paths[$i]).'</a></div>';
 		}
 	}