From 5e9da1cf233349f9b8497cb686564a60144ee71d Mon Sep 17 00:00:00 2001
From: Michael J Rubinsky
Date: Wed, 5 Aug 2015 21:30:49 -0400
Subject: [PATCH] SECURITY: Fix XSS vulnerability when viewing directories.

Discovered by: An anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure program
---
 gollem/lib/Gollem.php | 2 +-
 gollem/templates/manager.html.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/gollem/lib/Gollem.php b/gollem/lib/Gollem.php
index 06619aa5e37..cf11241837b 100644
--- a/gollem/lib/Gollem.php
+++ b/gollem/lib/Gollem.php
@@ -694,7 +694,7 @@ static public function directoryNavLink($currdir, $url)
 if ($i == $parts_count) {
 $label[] = $parts[($i - 1)];
 } else {
- $label[] = Horde::link($url->add('dir', $dir), sprintf(_("Up to %s"), $dir)) . $parts[($i - 1)] . '';
+ $label[] = Horde::link($url->add('dir', $dir), sprintf(_("Up to %s"), $dir)) . htmlspecialchars($parts[($i - 1)]) . '';
 }
 }
 }
diff --git a/gollem/templates/manager.html.php b/gollem/templates/manager.html.php
index 5f19e758f43..17eb87ae82a 100644
--- a/gollem/templates/manager.html.php
+++ b/gollem/templates/manager.html.php
@@ -39,7 +39,7 @@
-
+
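Review bot: The escaping is incomplete: the `if ($i == $parts_count)` branch two lines above the changed line still appends the final path component raw, `$label[] = $parts[($i - 1)];`, while the `else` branch now escapes it. Since the `else` branch concatenates markup from `Horde::link`, `$label` is evidently emitted as HTML, so a caller cannot escape the whole result afterwards and the last directory name stays an injection point; it should become `$label[] = htmlspecialchars($parts[($i - 1)]);`. Consider passing explicit flags and charset (`htmlspecialchars($s, ENT_QUOTES, 'UTF-8')`) in both branches so the behaviour does not depend on the PHP version's defaults. The body of directoryNavLink starts before this hunk, and the manager.html.php hunk is unreadable in this rendering, so the same check may be needed there.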