[Fusionforge-commits] r7770 - in branches/Branch_4_8/gforge/www/docman: . admin

Roland Mas lolando at libremir.placard.fr.eu.org
Mon Jun 8 20:59:46 CEST 2009


Author: lolando
Date: 2009-06-08 20:59:45 +0200 (Mon, 08 Jun 2009)
New Revision: 7770

Modified:
   branches/Branch_4_8/gforge/www/docman/admin/index.php
   branches/Branch_4_8/gforge/www/docman/index.php
Log:
Escape filenames according to where they're going to end up

Modified: branches/Branch_4_8/gforge/www/docman/admin/index.php
===================================================================
--- branches/Branch_4_8/gforge/www/docman/admin/index.php	2009-06-08 15:14:55 UTC (rev 7769)
+++ branches/Branch_4_8/gforge/www/docman/admin/index.php	2009-06-08 18:59:45 UTC (rev 7770)
@@ -203,7 +203,7 @@
 		<td>
 		<strong><?php echo _('File')?></strong><?php echo utils_requiredField(); ?><br />
 		<?php if ($d->isURL()) {
-			echo '<a href="'.addslashes($d->getFileName()).'">[View File URL]</a>';
+			echo '<a href="'.urlencode($d->getFileName()).'">[View File URL]</a>';
 		} else { ?>
 		<a target="_blank" href="../view.php/<?php echo $group_id.'/'.$d->getID().'/'.urlencode($d->getFileName()) ?>"><?php echo $d->getName(); ?></a>
 		<?php } ?>

Modified: branches/Branch_4_8/gforge/www/docman/index.php
===================================================================
--- branches/Branch_4_8/gforge/www/docman/index.php	2009-06-08 15:14:55 UTC (rev 7769)
+++ branches/Branch_4_8/gforge/www/docman/index.php	2009-06-08 18:59:45 UTC (rev 7770)
@@ -35,8 +35,8 @@
 			if (isset($nested_docs[$dg->getID()]) && is_array($nested_docs[$dg->getID()])) {
 				foreach ($nested_docs[$dg->getID()] as $d) {
 					$docurl=util_make_url ('/docman/view.php/'.$group_id.'/'.$d->getID().'/'.urlencode($d->getFileName()));
-					$docname=addslashes($d->getName())." (".htmlspecialchars($d->getFileName(), ENT_QUOTES).")";
-					$docdesc=addslashes($d->getDescription());
+					$docname=htmlspecialchars($d->getName(), ENT_QUOTES)." (".htmlspecialchars($d->getFileName(), ENT_QUOTES).")";
+					$docdesc=htmlspecialchars($d->getDescription(), ENT_QUOTES);
 					echo ",['','".$docname."','".$docurl."','','".$docdesc."' ]";
 				}
 			}




More information about the Fusionforge-commits mailing list