xss vulnerability fixed
authorBjoern Schiessle <schiessle@owncloud.com>
Mon, 25 Jun 2012 10:38:11 +0000 (12:38 +0200)
committerBjoern Schiessle <schiessle@owncloud.com>
Mon, 25 Jun 2012 10:38:11 +0000 (12:38 +0200)
apps/gallery/templates/index.php

index 1fdbea59575dc37fc799097183b5a347d61649f0..e30052fafa3017e3a94b1d5fdceddace5f29dbc2 100644 (file)
@@ -14,7 +14,7 @@ div.visible { opacity: 0.8;}
 </style>
 <script type="text/javascript">
 
-var root = "<?php echo htmlentities($root); ?>";
+var root = "<?php echo $root; ?>";
 
 function explode(element) {
        $('div', element).each(function(index, elem) {
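Review bot: The new `var root = "<?php echo $root; ?>";` emits `$root` into a JavaScript string literal with no escaping at all, so a value containing `"`, a backslash, a line break or `</script>` ends the literal or the whole script block that opens two lines above. Dropping `htmlentities()` was reasonable for this context (entities are not decoded inside `<script>`), but the replacement needs the escaping that fits a JS literal rather than none: `var root = <?php echo json_encode($root, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_QUOT); ?>;`. The second hunk passes `root` back as a query parameter, so `$root` presumably originates from the request; if so this line is the one place in the template where that value still reaches the page unescaped.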
@@ -64,7 +64,7 @@ $(document).ready(function() {
                for ($i = 0; $i < count($paths); $i++) {
                        $path .= urlencode($paths[$i]).'/';
                        $classess = 'crumb'.($i == count($paths)-1?' last':'');
-                       echo '<div class="'.$classess.'" style="background-image:url(\''.\OCP\image_path('core','breadcrumb.png').'\')"><a href="'.\OCP\Util::linkTo('gallery', 'index.php').'&root='.$path.'">'.$paths[$i].'</a></div>';
+                       echo '<div class="'.$classess.'" style="background-image:url(\''.\OCP\image_path('core','breadcrumb.png').'\')"><a href="'.\OCP\Util::linkTo('gallery', 'index.php').'&root='.$path.'">'.\OCP\Util::sanitizeHTML($paths[$i]).'</a></div>';
                }
        }
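Review bot: The link text now goes through `sanitizeHTML()`, but the breadcrumb loop around it still evaluates `count($paths)` twice per iteration and carries the misspelled `$classess`; hoisting `$last = count($paths) - 1;` before the `for` and writing `$classes = 'crumb'.($i == $last ? ' last' : '');` would make the "last crumb" intent readable. Only the `<a>` text is escaped here; the `href` is built from `urlencode()`d segments, which is fine for a query value, but it is worth a comment on the `echo` line noting that `$path` is already URL-encoded and must not be passed through `sanitizeHTML()` as well. The enclosing block and the initialisation of `$path` and `$paths` start outside the hunk.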