Diffstat (limited to 'files/templates/index.php')
-rw-r--r-- | files/templates/index.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/files/templates/index.php b/files/templates/index.php
index f423b96ba1e..639bdeaead8 100644
--- a/files/templates/index.php
+++ b/files/templates/index.php
@@ -15,7 +15,7 @@
 <form data-upload-id='1' class="file_upload_form" action="ajax/upload.php" method="post" enctype="multipart/form-data" target="file_upload_target_1">
 <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $_['uploadMaxFilesize'] ?>" id="max_upload">
 <input type="hidden" class="max_human_file_size" value="(max <?php echo $_['uploadMaxHumanFilesize']; ?>)">
- <input type="hidden" name="dir" value="<?php echo $_['dir'] ?>" id="dir">
+ <input type="hidden" name="dir" value="<?php echo htmlentities($_['dir']) ?>" id="dir">
 <button class="file_upload_filename"> <img class='svg action' alt="Upload" src="<?php echo image_path("core", "actions/upload.svg"); ?>" /></button>
 <input class="file_upload_start" type="file" name='files[]'/>
 <a href="#" class="file_upload_button_wrapper" onclick="return false;" title="<?php echo $l->t('Upload'); echo ' max. '.$_['uploadMaxHumanFilesize'] ?>"></a> |
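Review bot: `htmlentities($_['dir'])` on the added `dir` input relies on the function's default flags and charset, which on PHP releases before 5.4 means ISO-8859-1 and no single-quote escaping. The attribute is double-quoted, so the injection through `dir` is closed, but a UTF-8 directory name would be converted byte by byte into Latin-1 entities and would likely reach `ajax/upload.php` as a different path. I would make the encoding explicit with `<?php echo htmlspecialchars($_['dir'], ENT_QUOTES, 'UTF-8') ?>`. The other echoes in this form (`$_['uploadMaxFilesize']`, `$_['uploadMaxHumanFilesize']`, `$l->t('Upload')`) are still written unescaped; they look server-derived, but it is worth confirming none of them can carry user-controlled text.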