Skip to content
Snippets Groups Projects
Commit e5f2d46c authored by Lukas Reschke's avatar Lukas Reschke
Browse files

Sanitize user input

parent e45f36c2
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
apps/files/js/filelist.js
+ 6
6
View file @ e5f2d46c
......@@ -15,9 +15,9 @@ var FileList={
extension=false;
}
html+='<td class="filename" style="background-image:url('+img+')"><input type="checkbox" />';
html+='<a class="name" href="download.php?file='+$('#dir').val().replace(/</, '&lt;').replace(/>/, '&gt;')+'/'+name+'"><span class="nametext">'+basename;
html+='<a class="name" href="download.php?file='+$('#dir').val().replace(/</, '&lt;').replace(/>/, '&gt;')+'/'+escapeHTML(name)+'"><span class="nametext">'+escapeHTML(basename);
if(extension){
html+='<span class="extension">'+extension+'</span>';
html+='<span class="extension">'+escapeHTML(extension)+'</span>';
}
html+='</span></a></td>';
if(size!='Pending'){
......@@ -189,9 +189,9 @@ var FileList={
checkName:function(oldName, newName, isNewFile) {
if (isNewFile || $('tr').filterAttr('data-file', newName).length > 0) {
if (isNewFile) {
$('#notification').html(newName+' '+t('files', 'already exists')+'<span class="replace">'+t('files', 'replace')+'</span><span class="suggest">'+t('files', 'suggest name')+'</span><span class="cancel">'+t('files', 'cancel')+'</span>');
$('#notification').html(escapeHTML(newName)+' '+t('files', 'already exists')+'<span class="replace">'+t('files', 'replace')+'</span><span class="suggest">'+t('files', 'suggest name')+'</span><span class="cancel">'+t('files', 'cancel')+'</span>');
} else {
$('#notification').html(newName+' '+t('files', 'already exists')+'<span class="replace">'+t('files', 'replace')+'</span><span class="cancel">'+t('files', 'cancel')+'</span>');
$('#notification').html(escapeHTML(newName)+' '+t('files', 'already exists')+'<span class="replace">'+t('files', 'replace')+'</span><span class="cancel">'+t('files', 'cancel')+'</span>');
}
$('#notification').data('oldName', oldName);
$('#notification').data('newName', newName);
......@@ -272,9 +272,9 @@ var FileList={
} else {
// NOTE: Temporary fix to change the text to unshared for files in root of Shared folder
if ($('#dir').val() == '/Shared') {
$('#notification').html(t('files', 'unshared')+' '+files+'<span class="undo">'+t('files', 'undo')+'</span>');
$('#notification').html(t('files', 'unshared')+' '+ escapeHTML(files) +'<span class="undo">'+t('files', 'undo')+'</span>');
} else {
$('#notification').html(t('files', 'deleted')+' '+files+'<span class="undo">'+t('files', 'undo')+'</span>');
$('#notification').html(t('files', 'deleted')+' '+ escapeHTML(files)+'<span class="undo">'+t('files', 'undo')+'</span>');
}
$('#notification').fadeIn();
}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment