aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB
diff options
context:
space:
mode:
authorNathan Guse <nathaniel.guse@gmail.com>2014-02-20 10:18:22 -0600
committerNathan Guse <nathaniel.guse@gmail.com>2014-02-20 10:18:22 -0600
commit2ffca79c0e21d71704f0c21148ff0e05ae4dc8fa (patch)
treeaf9cce25176ba59d3708ba1a781853d6b6fb34b4 /phpBB
parent169b1cf6cb233ee6b096ef184d437eb805aa81b2 (diff)
parent627dc886b349466091cbf82ce9683b73f91affae (diff)
downloadforums-2ffca79c0e21d71704f0c21148ff0e05ae4dc8fa.tar
forums-2ffca79c0e21d71704f0c21148ff0e05ae4dc8fa.tar.gz
forums-2ffca79c0e21d71704f0c21148ff0e05ae4dc8fa.tar.bz2
forums-2ffca79c0e21d71704f0c21148ff0e05ae4dc8fa.tar.xz
forums-2ffca79c0e21d71704f0c21148ff0e05ae4dc8fa.zip
Merge pull request #2044 from prototech/ticket/12212
[ticket/12212] Encode the attachment file name before presenting to user.
Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/assets/javascript/plupload.js4
1 files changed, 3 insertions, 1 deletions
diff --git a/phpBB/assets/javascript/plupload.js b/phpBB/assets/javascript/plupload.js
index 91a9806955..3c2fc5c3cb 100644
--- a/phpBB/assets/javascript/plupload.js
+++ b/phpBB/assets/javascript/plupload.js
@@ -162,7 +162,7 @@ phpbb.plupload.insertRow = function(file) {
var row = $(phpbb.plupload.rowTpl);
row.attr('id', file.id);
- row.find('.file-name').html(file.name);
+ row.find('.file-name').html(plupload.xmlEncode(file.name));
row.find('.file-size').html(plupload.formatSize(file.size));
if (phpbb.plupload.order == 'desc') {
@@ -499,6 +499,8 @@ $('#file-list').on('click', '.file-error', function(e) {
* Fires when an error occurs.
*/
uploader.bind('Error', function(up, error) {
+ error.file.name = plupload.xmlEncode(error.file.name);
+
// The error message that Plupload provides for these is vague, so we'll be more specific.
if (error.code === plupload.FILE_EXTENSION_ERROR) {
error.message = plupload.translate('Invalid file extension:') + ' ' + error.file.name;
generated by cgit v1.2.1 (git 2.21.0) at 2025-06-02 23:47:25 +0000