Sanitizing file names

diff --git a/apps/files/js/filelist.js b/apps/files/js/filelist.js
index e6a9a6883af8e7bec9d0f3bcb2b9b48ddb5fbcf0..3645258f98f0ae3a43211369a90477b4439e84f1 100644 (file)
--- a/apps/files/js/filelist.js
+++ b/apps/files/js/filelist.js
@@ -14,7 +14,7 @@ FileList={
                        var extension=false;
                }
                html+='<td class="filename" style="background-image:url('+img+')"><input type="checkbox" />';
-               html+='<a class="name" href="download.php?file='+$('#dir').val()+'/'+name+'"><span class="nametext">'+basename
+               html+='<a class="name" href="download.php?file='+$('#dir').val().replace(/</, '&lt;').replace(/>/, '&gt;')+'/'+name+'"><span class="nametext">'+basename
                if(extension){
                        html+='<span class="extension">'+extension+'</span>';
                }