From cfd0140e2faa250e6e90cbeb4ec2ca4dcceed2f4 Mon Sep 17 00:00:00 2001
From: Robin Appelman <icewind@owncloud.com>
Date: Mon, 16 Apr 2012 12:59:08 +0200
Subject: [PATCH] fix 2 potential xss problems

---
 core/templates/404.php              | 2 +-
 files/templates/index.php           | 2 +-
 files/templates/part.breadcrumb.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/templates/404.php b/core/templates/404.php
index 13a8101034..cd4f2b40bb 100644
--- a/core/templates/404.php
+++ b/core/templates/404.php
@@ -10,6 +10,6 @@ if(!isset($_)){//also provide standalone error page
 <ul>
 	<li class='error'>
 		<?php echo $l->t( 'Cloud not found' ); ?><br/>
-		<p class='hint'><?php if(isset($_['file'])) echo $_['file']?></p>
+		<p class='hint'><?php if(isset($_['file'])) echo htmlentities($_['file'])?></p>
 	</li>
 </ul>
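Review bot: `htmlentities($_['file'])` on the added line relies on PHP's default charset, which on the 5.3 releases current at this commit's date is ISO-8859-1, so a UTF-8 filename is converted byte by byte into Latin-1 entities and renders as mojibake rather than the real name; `htmlspecialchars` escapes only the markup-significant characters and is the usual choice for untrusted text. Suggest `<p class='hint'><?php if(isset($_['file'])) echo htmlspecialchars($_['file'], ENT_QUOTES, 'UTF-8')?></p>`. The same applies to the `htmlentities` calls added in files/templates/index.php and files/templates/part.breadcrumb.php. The `if(!isset($_))` block named in the hunk header starts before this hunk.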
diff --git a/files/templates/index.php b/files/templates/index.php
index f423b96ba1..639bdeaead 100644
--- a/files/templates/index.php
+++ b/files/templates/index.php
@@ -15,7 +15,7 @@
 				<form data-upload-id='1' class="file_upload_form" action="ajax/upload.php" method="post" enctype="multipart/form-data" target="file_upload_target_1">
 					<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $_['uploadMaxFilesize'] ?>" id="max_upload">
 					<input type="hidden" class="max_human_file_size" value="(max <?php echo $_['uploadMaxHumanFilesize']; ?>)">
-					<input type="hidden" name="dir" value="<?php echo $_['dir'] ?>" id="dir">
+					<input type="hidden" name="dir" value="<?php echo htmlentities($_['dir']) ?>" id="dir">
 					<button class="file_upload_filename">&nbsp;<img class='svg action' alt="Upload" src="<?php echo image_path("core", "actions/upload.svg"); ?>" /></button>
 					<input class="file_upload_start" type="file" name='files[]'/>
 						<a href="#" class="file_upload_button_wrapper" onclick="return false;" title="<?php echo $l->t('Upload'); echo  ' max. '.$_['uploadMaxHumanFilesize'] ?>"></a>
diff --git a/files/templates/part.breadcrumb.php b/files/templates/part.breadcrumb.php
index ab81cc5c03..16da6bb97b 100644
--- a/files/templates/part.breadcrumb.php
+++ b/files/templates/part.breadcrumb.php
@@ -1,6 +1,6 @@
 	<?php for($i=0; $i<count($_["breadcrumb"]); $i++):
         $crumb = $_["breadcrumb"][$i]; ?>
 		<div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" data-dir='<?php echo $crumb["dir"];?>' style='background-image:url("<?php echo image_path('core','breadcrumb.png');?>")'>
-    		<a href="<?php echo $_['baseURL'].$crumb["dir"]; ?>"><?php echo htmlspecialchars($crumb["name"]); ?></a>
+    		<a href="<?php echo $_['baseURL'].$crumb["dir"]; ?>"><?php echo htmlentities($crumb["name"]); ?></a>
 		</div>
 	<?php endfor;?>
\ No newline at end of file
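Review bot: The directory path is still emitted unescaped into two attributes in this hunk: `data-dir='<?php echo $crumb["dir"];?>'` on the unchanged line above and `href="<?php echo $_['baseURL'].$crumb["dir"]; ?>"` on the changed line itself, so if the crumb's dir derives from the requested path (as the breadcrumb name suggests, to be confirmed) a quote in it can break out of either attribute. Suggest `data-dir='<?php echo htmlspecialchars($crumb["dir"], ENT_QUOTES, 'UTF-8');?>'` and `href="<?php echo htmlspecialchars($_['baseURL'].$crumb["dir"], ENT_QUOTES, 'UTF-8'); ?>"`. Swapping `htmlspecialchars` for `htmlentities` on the link text changes nothing for the markup-significant characters, so that part of the change is cosmetic rather than a fix.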
-- 
GitLab