- just replace ' by \' in javascript code, do not use htmlspecialchars()

2025-06-18 02:59:27 +00:00 · 2011-12-05 16:44:09 +00:00 · 2011-12-05 16:44:09 +00:00 · d2a4147de3
commit d2a4147de3
parent 696e4f7ec2
2 changed files with 2 additions and 2 deletions
--- a/inc/inc.ClassUI.php
+++ b/inc/inc.ClassUI.php
@ -688,7 +688,7 @@ class UI {
 			if ($folderID != $currentFolderID){
 				if ($navigation) print "<a href=\"../out/out.ViewFolder.php?folderid=" . $folderID . "&showtree=1\">";
-				else print "<a class=\"foldertree_selectable\" href=\"javascript:folderSelected(" . $folderID . ", '" . htmlspecialchars($folder->getName(), ENT_QUOTES) . "')\">";
+				else print "<a class=\"foldertree_selectable\" href=\"javascript:folderSelected(" . $folderID . ", '" . str_replace("'", "\\'", $folder->getName()) . "')\">";
 			}else print "<span class=\"selectedfoldertree\">";
--- a/out/out.DocumentChooser.php
+++ b/out/out.DocumentChooser.php
@ -87,7 +87,7 @@ function printTree($path, $level = 0)
 	for ($i = 0; $i < count($documents); $i++) {
 		print "<li>\n";
 		print "<img class='treeicon' src=\"images/blank.png\">";
-		print "<a  class=\"foldertree_selectable\" href=\"javascript:documentSelected(".$documents[$i]->getID().",'".htmlspecialchars($documents[$i]->getName(), ENT_QUOTES)."');\"><img src=\"images/file.gif\" border=0>".htmlspecialchars($documents[$i]->getName())."</a>";
+		print "<a  class=\"foldertree_selectable\" href=\"javascript:documentSelected(".$documents[$i]->getID().",'".str_replace("'", "\\'", $documents[$i]->getName())."');\"><img src=\"images/file.gif\" border=0>".htmlspecialchars($documents[$i]->getName())."</a>";
 		print "</li>";
 	}