From 9d1444279d5c1703622fe86529b64b40a3019554 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jean-Michel=20Vourg=C3=A8re?= Date: Sun, 26 Feb 2017 11:21:02 +1300 Subject: [PATCH] Fixes for folder names containing ' --- squasher.class.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/squasher.class.php b/squasher.class.php index 1427e40..a699f4c 100644 --- a/squasher.class.php +++ b/squasher.class.php @@ -241,7 +241,8 @@ function get_rights($user_id) { //create folder structure array foreach ($folder_arr AS $key => $value) { - $arr_string .= "['".$value."']"; + $value_escaped = str_replace("'", "\\'", $value); + $arr_string .= "['".$value_escaped."']"; } } $arr_string .= "['__access__']"; @@ -329,10 +330,11 @@ function show_rights_tree($path, $depth=0, $userid=0) { $style[$depth] = ".depth".$depth."{float:right;width:".(600-($depth*10))."px;border-left:2px solid #FFFFFF;border-top:1px solid #FFFFFF;background:#".dechex(14-$depth).dechex(14-$depth).dechex(14-$depth).dechex(14-$depth).dechex(14-$depth).dechex(14-$depth).";}"; if ($f==1) $layout .= "
"; - $layout .= "
".$file."
\n"; - $layout .= "
\n"; - $layout .= "
\n"; - $layout .= "
\n"; + $layout .= "
".htmlspecialchars($file)."
\n"; + $name_escaped = htmlspecialchars($name); + $layout .= '
\n"; + $layout .= '
\n"; + $layout .= '
\n"; $sub_return = $this->show_rights_tree($filename,$depth+1,$userid); if (is_array($style) && is_array($sub_return['style'])) $style = $style + $sub_return['style']; -- 2.30.2