prevent xss attacks

author: Björn Schießle <schiessle@owncloud.com> 2012-10-05 17:05:23 +0200
committer: Björn Schießle <schiessle@owncloud.com> 2012-10-05 17:05:23 +0200
commit: 4f7c7c615e6eb0e3818b28a24d8cf77cd7546e19 (patch)
tree: 41f470201ba61600c834db2bd4881cf3ee4e7dcf /apps/files/templates
parent: 5e2bce24b4d7576f2503edb762afd6cbe3caccea (diff)
download: nextcloud-server-4f7c7c615e6eb0e3818b28a24d8cf77cd7546e19.tar.gz
nextcloud-server-4f7c7c615e6eb0e3818b28a24d8cf77cd7546e19.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/apps/files/templates/part.breadcrumb.php b/apps/files/templates/part.breadcrumb.php
index 875fc747bb7..71b695f65f8 100644
--- a/apps/files/templates/part.breadcrumb.php
+++ b/apps/files/templates/part.breadcrumb.php
@@ -1,6 +1,6 @@
 	<?php for($i=0; $i<count($_["breadcrumb"]); $i++):
         $crumb = $_["breadcrumb"][$i]; ?>
-		<div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" data-dir='<?php echo $crumb["dir"];?>' style='background-image:url("<?php echo OCP\image_path('core','breadcrumb.png');?>")'>
-		<a href="<?php echo $_['baseURL'].$crumb["dir"]; ?>"><?php echo OCP\Util::sanitizeHTML($crumb["name"]); ?></a>
+		<div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" data-dir='<?php echo urlencode($crumb["dir"]);?>' style='background-image:url("<?php echo OCP\image_path('core','breadcrumb.png');?>")'>
+		<a href="<?php echo $_['baseURL'].urlencode($crumb["dir"]); ?>"><?php echo OCP\Util::sanitizeHTML($crumb["name"]); ?></a>
 		</div>
 	<?php endfor;?>
author	Björn Schießle <schiessle@owncloud.com>	2012-10-05 17:05:23 +0200
committer	Björn Schießle <schiessle@owncloud.com>	2012-10-05 17:05:23 +0200
commit	4f7c7c615e6eb0e3818b28a24d8cf77cd7546e19 (patch)
tree	41f470201ba61600c834db2bd4881cf3ee4e7dcf /apps/files/templates
parent	5e2bce24b4d7576f2503edb762afd6cbe3caccea (diff)
download	nextcloud-server-4f7c7c615e6eb0e3818b28a24d8cf77cd7546e19.tar.gz nextcloud-server-4f7c7c615e6eb0e3818b28a24d8cf77cd7546e19.zip