//create folder structure array
foreach ($folder_arr AS $key => $value) {
- $arr_string .= "['".$value."']";
+ $value_escaped = str_replace("'", "\\'", $value);
+ $arr_string .= "['".$value_escaped."']";
}
}
$arr_string .= "['__access__']";
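Review bot: The escaping added for `$value` covers only the single quote, so a folder name containing a backslash can still change where the quoted key ends, since backslash is the other character that is special inside a PHP single-quoted literal. If `$arr_string` is later evaluated as PHP code (that use is outside this hunk, so it is inferred from how the string is assembled), escape both characters in one pass: `$value_escaped = addcslashes($value, "'\\");`. A sturdier design would walk the rights array by reference, using the folder names as plain keys, so that no code string is built from file-system names at all. The loop and its enclosing function start and end outside the hunk.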
$style[$depth] = ".depth".$depth."{float:right;width:".(600-($depth*10))."px;border-left:2px solid #FFFFFF;border-top:1px solid #FFFFFF;background:#".dechex(14-$depth).dechex(14-$depth).dechex(14-$depth).dechex(14-$depth).dechex(14-$depth).dechex(14-$depth).";}";
if ($f==1)
$layout .= "<div class='depth".$depth."'>";
- $layout .= "<div class='white_border' >".$file."</div>\n";
- $layout .= "<div class='check_deny'><input name='m[".$name."]' value=0 type=radio ".$check_deny."></div>\n";
- $layout .= "<div class='check_allow'><input name='m[".$name."]' value=1 type=radio ".$check_allow."></div>\n";
- $layout .= "<div class='check_all'><input name='m[".$name."]' value=2 type=radio ".$check_all."></div>\n";
+ $layout .= "<div class='white_border' >".htmlspecialchars($file)."</div>\n";
+ $name_escaped = htmlspecialchars($name);
+ $layout .= '<div class="check_deny"><input name="m['.$name_escaped.']" value=0 type=radio '.$check_deny."></div>\n";
+ $layout .= '<div class="check_allow"><input name="m['.$name_escaped.']" value=1 type=radio '.$check_allow."></div>\n";
+ $layout .= '<div class="check_all"><input name="m['.$name_escaped.']" value=2 type=radio '.$check_all."></div>\n";
$sub_return = $this->show_rights_tree($filename,$depth+1,$userid);
if (is_array($style) && is_array($sub_return['style']))
$style = $style + $sub_return['style'];
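Review bot: `htmlspecialchars($file)` and `htmlspecialchars($name)` are called without flags or charset, so the output depends on the PHP version's defaults. Before PHP 8.1 single quotes are left unencoded, and without `ENT_SUBSTITUTE` a name containing invalid byte sequences comes back as an empty string. An empty result here would render several radio groups as `m[]`, so the submitted rights would no longer map to the intended files. I would write `$name_escaped = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` (assuming the page is served as UTF-8) and pass the same arguments for `$file`. The enclosing method, apparently `show_rights_tree` given the recursive call, starts and ends outside the hunk.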