diff --git a/application/controllers/admin/responses.php b/application/controllers/admin/responses.php
index 16e3d342c71..33e8f65ecd5 100644
--- a/application/controllers/admin/responses.php
+++ b/application/controllers/admin/responses.php
@@ -207,7 +207,7 @@ public function view($iSurveyID, $iId, $sBrowseLang = '')
}
$next = SurveyDynamic::model($iSurveyID)->next($iId);
$previous = SurveyDynamic::model($iSurveyID)->previous($iId);
-
+ $aData['bHasFile']=false;
if (isset($rlanguage))
{
$aData['rlanguage'] = $rlanguage;
@@ -246,15 +246,21 @@ public function view($iSurveyID, $iId, $sBrowseLang = '')
if (isset($phparray[$index]))
{
- if ($metadata === "size")
- $answervalue = rawurldecode(((int) ($phparray[$index][$metadata])) . " KB");
- else if ($metadata === "name")
+ switch ($metadata)
+ {
+ case "size":
+ $answervalue = sprintf(gt("%s KB"),intval($phparray[$index][$metadata]));
+ break;
+ case "name":
$answervalue = CHtml::link(
$oPurifier->purify(rawurldecode($phparray[$index][$metadata])),
$this->getController()->createUrl("/admin/responses",array("sa"=>"actionDownloadfile","surveyid"=>$surveyid,"iResponseId"=>$iId,"sFileName"=>$phparray[$index][$metadata]))
);
- else
- $answervalue = rawurldecode($phparray[$index][$metadata]);
+ break;
+ default:
+ $answervalue = htmlspecialchars(strip_tags(stripJavaScript($phparray[$index][$metadata])));
+ }
+ $aData['bHasFile']=true;
}
else
$answervalue = "";
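Review bot: The `default:` branch filters the value in its stored form: the removed code ran `rawurldecode()` on it and the new line does not, so if these metadata fields are stored percent-encoded (as the `rawurldecode()` in the `name` branch suggests), `strip_tags()` and `stripJavaScript()` inspect encoded text and the admin sees `%20`-style output. Decoding first and escaping once for the HTML text context would be clearer, e.g. `$answervalue = htmlspecialchars(rawurldecode($phparray[$index][$metadata]), ENT_QUOTES, 'UTF-8');`. With that in place, the two strip calls add no protection and can only drop legitimate characters such as a `<` in a comment. The explicit `ENT_QUOTES` matters because the view that prints `$answervalue` is outside this hunk, and PHP versions before 8.1 leave single quotes unescaped by default. A one-line comment above the `switch` stating that every branch leaves `$answervalue` HTML-safe (markup from `CHtml::link` for `name`, escaped text otherwise) would help the next reader; `view()` starts and ends outside the hunk.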
diff --git a/application/views/admin/responses/browseidheader_view.php b/application/views/admin/responses/browseidheader_view.php
index 24f8f6986a9..2f50a4c6dd9 100644
--- a/application/views/admin/responses/browseidheader_view.php
+++ b/application/views/admin/responses/browseidheader_view.php
@@ -25,10 +25,10 @@
{ ?>
'/>
-
-
+
+