Sanitize user input
parent
e45f36c2d4
commit
e5f2d46c6f
|
@ -15,9 +15,9 @@ var FileList={
|
||||||
extension=false;
|
extension=false;
|
||||||
}
|
}
|
||||||
html+='<td class="filename" style="background-image:url('+img+')"><input type="checkbox" />';
|
html+='<td class="filename" style="background-image:url('+img+')"><input type="checkbox" />';
|
||||||
html+='<a class="name" href="download.php?file='+$('#dir').val().replace(/</, '<').replace(/>/, '>')+'/'+name+'"><span class="nametext">'+basename;
|
html+='<a class="name" href="download.php?file='+$('#dir').val().replace(/</, '<').replace(/>/, '>')+'/'+escapeHTML(name)+'"><span class="nametext">'+escapeHTML(basename);
|
||||||
if(extension){
|
if(extension){
|
||||||
html+='<span class="extension">'+extension+'</span>';
|
html+='<span class="extension">'+escapeHTML(extension)+'</span>';
|
||||||
}
|
}
|
||||||
html+='</span></a></td>';
|
html+='</span></a></td>';
|
||||||
if(size!='Pending'){
|
if(size!='Pending'){
|
||||||
|
@ -189,9 +189,9 @@ var FileList={
|
||||||
checkName:function(oldName, newName, isNewFile) {
|
checkName:function(oldName, newName, isNewFile) {
|
||||||
if (isNewFile || $('tr').filterAttr('data-file', newName).length > 0) {
|
if (isNewFile || $('tr').filterAttr('data-file', newName).length > 0) {
|
||||||
if (isNewFile) {
|
if (isNewFile) {
|
||||||
$('#notification').html(newName+' '+t('files', 'already exists')+'<span class="replace">'+t('files', 'replace')+'</span><span class="suggest">'+t('files', 'suggest name')+'</span><span class="cancel">'+t('files', 'cancel')+'</span>');
|
$('#notification').html(escapeHTML(newName)+' '+t('files', 'already exists')+'<span class="replace">'+t('files', 'replace')+'</span><span class="suggest">'+t('files', 'suggest name')+'</span><span class="cancel">'+t('files', 'cancel')+'</span>');
|
||||||
} else {
|
} else {
|
||||||
$('#notification').html(newName+' '+t('files', 'already exists')+'<span class="replace">'+t('files', 'replace')+'</span><span class="cancel">'+t('files', 'cancel')+'</span>');
|
$('#notification').html(escapeHTML(newName)+' '+t('files', 'already exists')+'<span class="replace">'+t('files', 'replace')+'</span><span class="cancel">'+t('files', 'cancel')+'</span>');
|
||||||
}
|
}
|
||||||
$('#notification').data('oldName', oldName);
|
$('#notification').data('oldName', oldName);
|
||||||
$('#notification').data('newName', newName);
|
$('#notification').data('newName', newName);
|
||||||
|
@ -272,9 +272,9 @@ var FileList={
|
||||||
} else {
|
} else {
|
||||||
// NOTE: Temporary fix to change the text to unshared for files in root of Shared folder
|
// NOTE: Temporary fix to change the text to unshared for files in root of Shared folder
|
||||||
if ($('#dir').val() == '/Shared') {
|
if ($('#dir').val() == '/Shared') {
|
||||||
$('#notification').html(t('files', 'unshared')+' '+files+'<span class="undo">'+t('files', 'undo')+'</span>');
|
$('#notification').html(t('files', 'unshared')+' '+ escapeHTML(files) +'<span class="undo">'+t('files', 'undo')+'</span>');
|
||||||
} else {
|
} else {
|
||||||
$('#notification').html(t('files', 'deleted')+' '+files+'<span class="undo">'+t('files', 'undo')+'</span>');
|
$('#notification').html(t('files', 'deleted')+' '+ escapeHTML(files)+'<span class="undo">'+t('files', 'undo')+'</span>');
|
||||||
}
|
}
|
||||||
$('#notification').fadeIn();
|
$('#notification').fadeIn();
|
||||||
}
|
}
|
||||||
|
|
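Review bot: In the first hunk the `href` for `download.php?file=` is still only partly protected. The `$('#dir').val()` part keeps its non-global `.replace(/</, …).replace(/>/, …)` chain, which changes only the first `<` and `>` and does nothing for `"` or `&`, so a directory value containing a double quote can still close the attribute. `name` is HTML-escaped but not URL-encoded, so a file name containing `&`, `#` or `%` produces a wrong download link, and whether `escapeHTML` covers quotes is not visible on this page. Assuming `download.php` reads the parameter through normal query-string decoding, encoding the whole value once would cover both contexts: `html+='<a class="name" href="download.php?file='+encodeURIComponent($('#dir').val()+'/'+name)+'"><span class="nametext">'+escapeHTML(basename);`. The enclosing function starts and ends outside the hunk, so other uses of `name` and `#dir` in the row markup should get the same check.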