improved path handling for special characters

2012-05-22 12:15:06 +02:00 · 2012-05-22 12:15:06 +02:00 · 6af709290c
parent 0ed6481a8a
commit 6af709290c
2 changed files with 3 additions and 2 deletions
--- a/serendipity_event_fckeditor/ChangeLog
+++ b/serendipity_event_fckeditor/ChangeLog
@ -0,0 +1 @@
+0.6: Add escpaing of path, thanks to Stefan Schurtz (not really 'exploitable', but not nice also)
--- a/serendipity_event_fckeditor/serendipity_event_fckeditor.php
+++ b/serendipity_event_fckeditor/serendipity_event_fckeditor.php
@ -31,7 +31,7 @@ class serendipity_event_fckeditor extends serendipity_event
        $propbag->add('description',   PLUGIN_EVENT_FCKEDITOR_DESC);
        $propbag->add('stackable',     false);
        $propbag->add('author',        'Ziyad Saeed, Garvin Hicking');
-        $propbag->add('version',       '0.5');
+        $propbag->add('version',       '0.6');
        $propbag->add('requirements',  array(
            'serendipity' => '0.9',
            'smarty'      => '2.6.7',
@ -82,7 +82,7 @@ class serendipity_event_fckeditor extends serendipity_event
                    break;

                case 'backend_wysiwyg_finish':
-                    $path = $this->get_config('path');
+                    $path = htmlspecialchars($this->get_config('path'));
                    if ($this->init) {
                        return true;
                    }
				`@ -0,0 +1 @@`
				`0.6: Add escpaing of path, thanks to Stefan Schurtz (not really 'exploitable', but not nice also)`