sanitizeHTML() has to be called later to keep the path unchanged

diff --git a/apps/gallery/index.php b/apps/gallery/index.php
index 52a5b81a23a07e8f7e1f230fe622381c68f40704..b8aadacb47fb043f10729f551b94eebc00394fe3 100644 (file)
--- a/apps/gallery/index.php
+++ b/apps/gallery/index.php
@@ -94,7 +94,7 @@ for($i = 0; $i<count($root_images); $i++) {
 }
 
 $tmpl = new OCP\Template( 'gallery', 'index', 'user' );
-$tmpl->assign('root', $root);
+$tmpl->assign('root', $root, false);
 $tmpl->assign('tl', $tl, false);
 $tmpl->printPage();
 ?>

diff --git a/apps/gallery/templates/index.php b/apps/gallery/templates/index.php
index c3b4a17854528144e2569d86ecc4322e768d3eff..c90932cefd0169479f82b0acbdbe5b3059823ed8 100644 (file)
--- a/apps/gallery/templates/index.php
+++ b/apps/gallery/templates/index.php
@@ -1,6 +1,6 @@
 <script type="text/javascript">
 
-var root = "<?php echo OCP\Util::sanitizeHTML($_['root']); ?>";
+var root = "<?php echo $_['root']; ?>";
 
 $(document).ready(function() {
                $("a[rel=images]").fancybox({
@@ -18,7 +18,7 @@ $(document).ready(function() {
                for ($i = 0; $i < count($paths); $i++) {
                        $path .= urlencode($paths[$i]).'/';
                        $classess = 'crumb'.($i == count($paths)-1?' last':'');
-                       echo '<div class="'.$classess.'" style="background-image:url(\''.\OCP\image_path('core','breadcrumb.png').'\')"><a href="'.\OCP\Util::linkTo('gallery', 'index.php').'&root='.$path.'">'.$paths[$i].'</a></div>';
+                       echo '<div class="'.$classess.'" style="background-image:url(\''.\OCP\image_path('core','breadcrumb.png').'\')"><a href="'.\OCP\Util::linkTo('gallery', 'index.php').'&root='.$path.'">'.OCP\Util::sanitizeHTML($paths[$i]).'</a></div>';
                }
        }