author | Andy Staudacher <andy.st@gmail.com> | 2009-08-30 21:34:55 -0700 |
---|---|---|
committer | Andy Staudacher <andy.st@gmail.com> | 2009-08-30 21:34:55 -0700 |
commit | bd52a85f98c321543fc1ad0bd06863efd19c7e89 (patch) | |
tree | 2679c89c315c75c08f4046ddcca5f6029a756f0b /modules/server_add | |
parent | fc294c2777e74ab171709c08eeae1675711add5a (diff) |
(mostly harmless) XSS fix in server add
Diffstat (limited to 'modules/server_add')
-rw-r--r-- | modules/server_add/views/server_add_tree.html.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php
index dbae42c5..def37b74 100644
--- a/modules/server_add/views/server_add_tree.html.php
+++ b/modules/server_add/views/server_add_tree.html.php
@@ -9,7 +9,7 @@
 <? foreach ($parents as $dir): ?>
 <li class="ui-icon-left">
 <span class="ui-icon ui-icon-folder-open"></span>
- <span ondblclick="open_dir('<?= $dir ?>')">
+ <span ondblclick="open_dir(<?= html::js_string($dir) ?>)">
 <?= html::clean(basename($dir)) ?>
 </span>
 <ul>
@@ -22,7 +22,7 @@
 <? if (is_dir($file)): ?>
 ondblclick="open_dir($(this).attr('file'))"
 <? endif ?>
- file="<?= strtr($file, array('"' => '\\"')) ?>"
+ file="<?= html::clean_attribute($file) ?>"
 >
 <?= html::clean(basename($file)) ?>
 </span> |
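Review bot: In the first hunk `$dir` is still written into a JavaScript string literal that itself sits inside the double-quoted `ondblclick` attribute, so the output needs HTML-attribute escaping on top of JS-string escaping. `html::js_string()` is not visible on this page; if it is a plain JSON-style encoder, the double quotes it emits would close the attribute early, so its output encoding should be confirmed or wrapped for the attribute context. The second hunk's pattern avoids the nested context altogether and could be reused here: `<span ondblclick="open_dir($(this).attr('file'))" file="<?= html::clean_attribute($dir) ?>">`. The paths presumably come from directory names on the server, so treating them as untrusted in both places keeps the two spans consistent. The enclosing `foreach` and list markup continue outside the hunk.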