From 8963879f5dc34055d7f007c938c4383b4ab8ccc4 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Wed, 4 Feb 2015 07:41:33 +0100
Subject: [PATCH] htmlencode() the complete content in deletion dialog

this used to be just the filename, but translations of the text
may also contain qoutes which break the javascript
---
 views/bootstrap/class.Bootstrap.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php
index 58bb1204e..90bb6dedd 100644
--- a/views/bootstrap/class.Bootstrap.php
+++ b/views/bootstrap/class.Bootstrap.php
@@ -1352,7 +1352,7 @@ $('#delete-document-btn-".$docid."').popover({
 	title: '".getMLText("rm_document")."',
 	placement: 'left',
 	html: true,
-	content: \"<div>".getMLText("confirm_rm_document", array ("documentname" => htmlspecialchars($document->getName(), ENT_QUOTES)))."</div><div><button class='btn btn-danger removedocument' style='float: right; margin:10px 0px;' rel='".$docid."' msg='".getMLText($msg)."' formtoken='".createFormKey('removedocument')."' id='confirm-delete-document-btn-".$docid."'><i class='icon-remove'></i> ".getMLText("rm_document")."</button> <button type='button' class='btn' style='float: right; margin:10px 10px;' onclick='$(&quot;#delete-document-btn-".$docid."&quot;).popover(&quot;hide&quot;);'>".getMLText('cancel')."</button></div>\"});
+	content: \"<div>".htmlspecialchars(getMLText("confirm_rm_document", array ("documentname" => $document->getName())), ENT_QUOTES)."</div><div><button class='btn btn-danger removedocument' style='float: right; margin:10px 0px;' rel='".$docid."' msg='".getMLText($msg)."' formtoken='".createFormKey('removedocument')."' id='confirm-delete-document-btn-".$docid."'><i class='icon-remove'></i> ".getMLText("rm_document")."</button> <button type='button' class='btn' style='float: right; margin:10px 10px;' onclick='$(&quot;#delete-document-btn-".$docid."&quot;).popover(&quot;hide&quot;);'>".getMLText('cancel')."</button></div>\"});
 ");
 		if($return)
 			return $content;
@@ -1381,7 +1381,7 @@ $('#delete-folder-btn-".$folderid."').popover({
 	title: '".getMLText("rm_folder")."',
 	placement: 'left',
 	html: true,
-	content: \"<div>".getMLText("confirm_rm_folder", array ("foldername" => htmlspecialchars($folder->getName(), ENT_QUOTES)))."</div><div><button class='btn btn-danger removefolder' style='float: right; margin:10px 0px;' rel='".$folderid."' msg='".getMLText($msg)."' formtoken='".createFormKey('removefolder')."' id='confirm-delete-folder-btn-".$folderid."'><i class='icon-remove'></i> ".getMLText("rm_folder")."</button> <button type='button' class='btn' style='float: right; margin:10px 10px;' onclick='$(&quot;#delete-folder-btn-".$folderid."&quot;).popover(&quot;hide&quot;);'>".getMLText('cancel')."</button></div>\"});
+	content: \"<div>".htmlspecialchars(getMLText("confirm_rm_folder", array ("foldername" => $folder->getName())), ENT_QUOTES)."</div><div><button class='btn btn-danger removefolder' style='float: right; margin:10px 0px;' rel='".$folderid."' msg='".getMLText($msg)."' formtoken='".createFormKey('removefolder')."' id='confirm-delete-folder-btn-".$folderid."'><i class='icon-remove'></i> ".getMLText("rm_folder")."</button> <button type='button' class='btn' style='float: right; margin:10px 10px;' onclick='$(&quot;#delete-folder-btn-".$folderid."&quot;).popover(&quot;hide&quot;);'>".getMLText('cancel')."</button></div>\"});
 ");
 		if($return)
 			return $content;