gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-05-14 13:42:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

- prevent xss attack

Browse Source 
- no need to decodeString() in javascript anymore
This commit is contained in:
steinm 2012-09-11 12:55:29 +00:00
parent 24d41c956d
commit 14755b838a
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
out/out.DocumentChooser.php
View File

@ -87,7 +87,7 @@ function printTree($path, $level = 0)
for ($i = 0; $i < count($documents); $i++) { for ($i = 0; $i < count($documents); $i++) {
print "<li>\n"; print "<li>\n";
print "<img class='treeicon' src=\"images/blank.png\">"; print "<img class='treeicon' src=\"images/blank.png\">";
print "<a class=\"foldertree_selectable\" href=\"javascript:documentSelected(".$documents[$i]->getID().",'".str_replace("'", "\\'", $documents[$i]->getName())."');\"><img src=\"images/file.gif\" border=0>".htmlspecialchars($documents[$i]->getName())."</a>"; print "<a class=\"foldertree_selectable\" href=\"javascript:documentSelected(".$documents[$i]->getID().",'".str_replace("'", "\\'", htmlspecialchars($documents[$i]->getName()))."');\"><img src=\"images/file.gif\" border=0>".htmlspecialchars($documents[$i]->getName())."</a>";
print "</li>"; print "</li>";
} }
@ -126,7 +126,7 @@ var targetName;
var targetID; var targetID;
function documentSelected(id, name) { function documentSelected(id, name) {
targetName.value = decodeString(name); targetName.value = name; //decodeString(name);
targetID.value = id; targetID.value = id;
window.close(); window.close();
return true; return true;