maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

Moving to smarty - escaping in webftp, refs #819

Browse Source 
Signed-off-by: Florian Aders (EleRas) <eleras@froxlor.org>
This commit is contained in:
Florian Aders (EleRas)
2011-06-23 11:09:44 +02:00
parent 7cf0fa7284
commit 44a53492e6
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
templates/Froxlor/webftp/webftp_edit.tpl
View File

@@ -24,7 +24,7 @@
<input type="hidden" name="currentDir" value="{$currentDir}" /> <input type="hidden" name="currentDir" value="{$currentDir}" />
<input type="hidden" name="file" value="{$file}" /> <input type="hidden" name="file" value="{$file}" />
<input type="hidden" name="mode" value="{$mode}" /> <input type="hidden" name="mode" value="{$mode}" />
<textarea name="fileContent" cols="80" rows="40" wrap="OFF" id="fileContent">{$myFileContent}</textarea> <textarea name="fileContent" cols="80" rows="40" wrap="OFF" id="fileContent">{$myFileContent|escape:'htmlall'}</textarea>
<br> <br>
<input type="submit" name="Submit" value="{t}Save file{/t}" /> <input type="submit" name="Submit" value="{t}Save file{/t}" />
<input type="button" name="Submit2" value="{t}Cancel{/t}" onClick="javascript:document.location.href='webftp.php?action=cd&amp;file={$currentDir}'" /> <input type="button" name="Submit2" value="{t}Cancel{/t}" onClick="javascript:document.location.href='webftp.php?action=cd&amp;file={$currentDir}'" />

2
webftp.php
View File

@@ -710,7 +710,7 @@ elseif ((!empty($_POST['loginname']) && !empty($_POST['password'])) || (!empty($
{ {
fclose($fp); fclose($fp);
// temporäre Datei lesen und ausgeben // temporäre Datei lesen und ausgeben
$myFileContent = htmlentities(implode("",file($downloadDir . killslashes(html_entity_decode($file))."_".$s))); $myFileContent = implode("",file($downloadDir . killslashes(html_entity_decode($file))."_".$s));
} }
$smarty->assign('myFileContent', $myFileContent); $smarty->assign('myFileContent', $myFileContent);
unlink($downloadDir . killslashes(html_entity_decode($file))."_".$s); unlink($downloadDir . killslashes(html_entity_decode($file))."_".$s);