From 4fe993a55dd998146c36c6cc2aa190cbac82abde Mon Sep 17 00:00:00 2001
From: Tom Needham <needham.thomas@gmail.com>
Date: Wed, 28 Sep 2011 20:26:30 +0100
Subject: [PATCH] Replaced urlencode() and urldecode() with htmlspecialchars()
 and htmlspecialchars_decode()

---
 apps/editor/ajax/savefile.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/editor/ajax/savefile.php b/apps/editor/ajax/savefile.php
index 634197c7a10..b1b2d50436c 100644
--- a/apps/editor/ajax/savefile.php
+++ b/apps/editor/ajax/savefile.php
@@ -28,7 +28,7 @@ require_once('../../../lib/base.php');
 OC_JSON::checkLoggedIn();
 
 // Save the file data
-$filecontents = $_POST['filecontents'];
+$filecontents = htmlspecialchars_decode($_POST['filecontents']);
 $file = $_POST['file'];
 $dir = $_POST['dir'];
 $path = $dir.'/'.$file;
@@ -37,7 +37,7 @@ $sessionname = md5('oc_file_hash_'.$path);
 
 function do_save($path,$filecontents){
 	$sessionname = md5('oc_file_hash_'.$path);
-	OC_Filesystem::update_session_file_hash($sessionname,md5(urlencode($filecontents)));
+	OC_Filesystem::update_session_file_hash($sessionname,md5(htmlspecialchars($filecontents)));
 	OC_Filesystem::file_put_contents($path, $filecontents);
 }
 
@@ -45,7 +45,7 @@ function do_save($path,$filecontents){
 if(isset($_SESSION[$sessionname])){
     if(!empty($_SESSION[$sessionname])){
         // Compare to current hash of file.
-        $savedfilecontents = urlencode(OC_Filesystem::file_get_contents($path));
+        $savedfilecontents = htmlspecialchars(OC_Filesystem::file_get_contents($path));
         $hash = md5($savedfilecontents);
         $originalhash = $_SESSION[$sessionname];
         // Compare with hash taken when file was opened
-- 
2.39.5