- prevent xss attack

2025-03-12 00:45:34 +00:00 · 2012-09-11 12:54:43 +00:00 · 2012-09-11 12:54:43 +00:00 · 24d41c956d
commit 24d41c956d
parent 8a20cbbbc1
1 changed files with 1 additions and 1 deletions
--- a/inc/inc.ClassUI.php
+++ b/inc/inc.ClassUI.php
@ -693,7 +693,7 @@ class UI {
 			if ($folderID != $currentFolderID){
 			
 				if ($navigation) print "<a href=\"../out/out.ViewFolder.php?folderid=" . $folderID . "&showtree=1\">";
-				else print "<a class=\"foldertree_selectable\" href=\"javascript:folderSelected(" . $folderID . ", '" . str_replace("'", "\\'", $folder->getName()) . "')\">";
+				else print "<a class=\"foldertree_selectable\" href=\"javascript:folderSelected(" . $folderID . ", '" . str_replace("'", "\\'", htmlspecialchars($folder->getName())) . "')\">";

 			}else print "<span class=\"selectedfoldertree\">";