author | Tom Needham <needham.thomas@gmail.com> | 2011-09-28 20:26:30 +0100 |
---|---|---|
committer | Tom Needham <needham.thomas@gmail.com> | 2011-09-28 20:26:30 +0100 |
commit | 4fe993a55dd998146c36c6cc2aa190cbac82abde (patch) | |
tree | 4b2df4ffa00f2ef0b3202bcc5fc0ac904ad4ece8 | |
parent | 2ca74dc334de525fdf5dc984de3702d65ce79d4a (diff) | |
download | nextcloud-server-4fe993a55dd998146c36c6cc2aa190cbac82abde.tar.gz nextcloud-server-4fe993a55dd998146c36c6cc2aa190cbac82abde.zip |
Replaced urlencode() and urldecode() with htmlspecialchars() and htmlspecialchars_decode()
-rw-r--r-- | apps/editor/ajax/savefile.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/apps/editor/ajax/savefile.php b/apps/editor/ajax/savefile.php
index 634197c7a10..b1b2d50436c 100644
--- a/apps/editor/ajax/savefile.php
+++ b/apps/editor/ajax/savefile.php
@@ -28,7 +28,7 @@ require_once('../../../lib/base.php');
 OC_JSON::checkLoggedIn();
 // Save the file data
-$filecontents = $_POST['filecontents'];
+$filecontents = htmlspecialchars_decode($_POST['filecontents']);
 $file = $_POST['file'];
 $dir = $_POST['dir'];
 $path = $dir.'/'.$file;
@@ -37,7 +37,7 @@ $sessionname = md5('oc_file_hash_'.$path);
 function do_save($path,$filecontents){
 $sessionname = md5('oc_file_hash_'.$path);
- OC_Filesystem::update_session_file_hash($sessionname,md5(urlencode($filecontents)));
+ OC_Filesystem::update_session_file_hash($sessionname,md5(htmlspecialchars($filecontents)));
 OC_Filesystem::file_put_contents($path, $filecontents);
 }
@@ -45,7 +45,7 @@ function do_save($path,$filecontents){
 if(isset($_SESSION[$sessionname])){
 if(!empty($_SESSION[$sessionname])){
 // Compare to current hash of file.
- $savedfilecontents = urlencode(OC_Filesystem::file_get_contents($path));
+ $savedfilecontents = htmlspecialchars(OC_Filesystem::file_get_contents($path));
 $hash = md5($savedfilecontents);
 $originalhash = $_SESSION[$sessionname];
 // Compare with hash taken when file was opened |
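Review bot: The added `htmlspecialchars_decode($_POST['filecontents'])` in the first hunk rewrites the user's data before it is written, so what ends up on disk is only correct if the client entity-encoded the body with exactly matching rules; that client code is not visible in this diff. Any request that posts raw content would have text such as `&lt;` or `&amp;` silently turned into `<` or `&` in the saved file. A form-encoded POST body needs no additional escaping, so I would keep `$filecontents = $_POST['filecontents'];` and drop the encoding on the sending side, or at least add a comment such as `// client sends filecontents entity-encoded (same flags as htmlspecialchars); decode before storing`. Separately, `$dir` and `$file` are concatenated into `$path` on the unchanged lines straight from `$_POST`; whether `OC_Filesystem` confines that path to the user's storage cannot be told from this hunk and is worth confirming.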
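Review bot: The change-detection hash in `do_save()` (second hunk) is computed over `htmlspecialchars($filecontents)` rather than over the bytes that are written, and the `$savedfilecontents` line in the third hunk does the same for the file read back. Where the effective charset is UTF-8, `htmlspecialchars()` returns an empty string for input containing invalid byte sequences unless `ENT_SUBSTITUTE` or `ENT_IGNORE` is passed, so every such file would produce the same hash and a modification made while the editor was open would go unnoticed. Hashing the raw content avoids the dependency on an escaping function: `md5($filecontents)` in `do_save()` and `$hash = md5(OC_Filesystem::file_get_contents($path));` in the third hunk. This only works if the code that stores the hash when the file is opened, which is outside this diff, is changed to match. The `if` block in the third hunk also continues past the last visible line.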