[Fusionforge-commits] r7772 - in branches/Branch_4_5/gforge/www/docman: admin include

Roland Mas lolando at libremir.placard.fr.eu.org
Mon Jun 8 21:14:34 CEST 2009


Author: lolando
Date: 2009-06-08 21:14:34 +0200 (Mon, 08 Jun 2009)
New Revision: 7772

Modified:
   branches/Branch_4_5/gforge/www/docman/admin/index.php
   branches/Branch_4_5/gforge/www/docman/include/doc_utils.php
Log:
Backported from 4.8: fixed filename escaping for docman

Modified: branches/Branch_4_5/gforge/www/docman/admin/index.php
===================================================================
--- branches/Branch_4_5/gforge/www/docman/admin/index.php	2009-06-08 19:04:09 UTC (rev 7771)
+++ branches/Branch_4_5/gforge/www/docman/admin/index.php	2009-06-08 19:14:34 UTC (rev 7772)
@@ -167,9 +167,9 @@
 		<td>
 		<strong><?php echo $Language->getText('docman_new','file')?></strong><?php echo utils_requiredField(); ?><br />
 		<?php if ($d->isURL()) {
-			echo '<a href="'.$d->getFileName().'">[View File URL]</a>';
+			echo '<a href="'.urlencode($d->getFileName()).'">[View File URL]</a>';
 		} else { ?>
-		<a target="_blank" href="../view.php/<?php echo $group_id.'/'.$d->getID().'/'.$d->getFileName() ?>"><?php echo $d->getName(); ?></a>
+		<a target="_blank" href="../view.php/<?php echo $group_id.'/'.$d->getID().'/'.urlencode($d->getFileName()) ?>"><?php echo $d->getName(); ?></a>
 		<?php } ?>
 		</td>
 	</tr>
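Review bot: In the `isURL()` branch, `urlencode()` is applied to what is presumably a complete URL, so `:` and `/` become `%3A` and `%2F`, and the browser will resolve the href as a relative path instead of following the link. A full URL placed in an href needs HTML-attribute escaping instead, `echo '<a href="'.htmlspecialchars($d->getFileName(), ENT_QUOTES).'">[View File URL]</a>';`, ideally after checking the scheme against an allow-list such as http and https. In the else branch the file name is a path segment, so `rawurlencode()` is the safer choice: `urlencode()` turns spaces into `+`, which view.php may not decode back when it parses the path. On the same line `$d->getName()` is still echoed without `htmlspecialchars()`, unlike the names this commit escapes in doc_utils.php.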

Modified: branches/Branch_4_5/gforge/www/docman/include/doc_utils.php
===================================================================
--- branches/Branch_4_5/gforge/www/docman/include/doc_utils.php	2009-06-08 19:04:09 UTC (rev 7771)
+++ branches/Branch_4_5/gforge/www/docman/include/doc_utils.php	2009-06-08 19:14:34 UTC (rev 7772)
@@ -175,7 +175,7 @@
 			if ($from_admin && $stateid) {	// if we're sorting by the state, pass the state as a variable
 				echo "&amp;selected_stateid=".$stateid;
 			}
-			echo "'>".$doc_group->getName()."</a>";
+			echo "'>".htmlspecialchars($doc_group->getName())."</a>";
 				
 			// display link to add a document to the current group
 			echo " &nbsp;&nbsp;&nbsp;&nbsp;<a href='".($from_admin ? "../" : "")."new.php?group_id=".$doc_group->Group->getID()."&amp;selected_doc_group=".$doc_group->getID()."'>";
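Review bot: The context line `echo "&amp;selected_stateid=".$stateid;` writes `$stateid` into a single-quoted href with no escaping or cast, and the new `htmlspecialchars()` call on the group name does not cover it. Where `$stateid` comes from is not visible in this hunk; if it is request-derived, a value containing `'` would close the attribute. Assuming it is a numeric id, `echo "&amp;selected_stateid=".(int)$stateid;` closes that gap. Because the attributes in this block are single-quoted, any string escaped into them should pass `ENT_QUOTES`, since the default flags in PHP of this era leave `'` untouched. The enclosing function starts and ends outside the hunk.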
@@ -211,7 +211,7 @@
 							html_image('ic/docman16b.png',"20","20",array("border"=>"0")).
 							" ".
 							"<a href=\"".$link."\">".
-						addslashes($docs[$j]->getName()).
+						htmlspeciarchars($docs[$j]->getName()).
 							"</a>";
 				}
 				echo "</ul>";
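Review bot: The added line calls `htmlspeciarchars()`, a misspelling of `htmlspecialchars()`, so PHP will stop with a fatal "Call to undefined function" error as soon as this branch renders a document entry. The page then fails to list documents, and the escaping this backport is meant to add is never applied. The line should read `htmlspecialchars($docs[$j]->getName()).`. `$link` in the `href` on the preceding context line is built outside the hunk, so whether it is escaped for a double-quoted attribute cannot be confirmed from here. The `echo` expression itself also begins outside the hunk.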



