XSS fixes

author: Andy Staudacher <andy.st@gmail.com> 2009-08-29 15:41:02 -0700
committer: Andy Staudacher <andy.st@gmail.com> 2009-08-29 15:41:02 -0700
commit: 0204617b602183a3e157bc7e23c617acd22a5212 (patch)
tree: 429a7f7ecd3eb9e7cc846bbf5a4f28601e09d22d /modules/server_add/views/server_add_tree.html.php
parent: c4d5ecde66c7bffde2259b9815c050e6a4d8f333 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php
index b68544ec..2f65a590 100644
--- a/modules/server_add/views/server_add_tree.html.php
+++ b/modules/server_add/views/server_add_tree.html.php
@@ -10,7 +10,7 @@
     <li class="ui-icon-left">
       <span class="ui-icon ui-icon-folder-open"></span>
       <span ondblclick="open_dir('<?= $dir ?>')">
-        <?= basename($dir) ?>
+        <?= SafeString::of(basename($dir)) ?>
       </span>
       <ul>
         <? endforeach ?>
@@ -22,7 +22,7 @@
                 <? if (is_dir($file)): ?>
                 ondblclick="open_dir($(this).attr('file'))"
                 <? endif ?>
-                file="<?= $file ?>"
+                file="<?= strtr($file, array('"' => '\\"')) ?>"
                 >
             <?= SafeString::of(basename($file)) ?>
           </span>
author	Andy Staudacher <andy.st@gmail.com>	2009-08-29 15:41:02 -0700
committer	Andy Staudacher <andy.st@gmail.com>	2009-08-29 15:41:02 -0700
commit	0204617b602183a3e157bc7e23c617acd22a5212 (patch)
tree	429a7f7ecd3eb9e7cc846bbf5a4f28601e09d22d /modules/server_add/views/server_add_tree.html.php
parent	c4d5ecde66c7bffde2259b9815c050e6a4d8f333 (diff)