Skip to content
Browse files

improved path handling for special characters

  • Loading branch information...
1 parent 0ed6481 commit 6af709290c500fb44ba0eec53ae465353dd75104 @garvinhicking garvinhicking committed May 22, 2012
View
1 serendipity_event_fckeditor/ChangeLog
@@ -0,0 +1 @@
+0.6: Add escpaing of path, thanks to Stefan Schurtz (not really 'exploitable', but not nice also)
View
4 serendipity_event_fckeditor/serendipity_event_fckeditor.php
@@ -31,7 +31,7 @@ function introspect(&$propbag)
$propbag->add('description', PLUGIN_EVENT_FCKEDITOR_DESC);
$propbag->add('stackable', false);
$propbag->add('author', 'Ziyad Saeed, Garvin Hicking');
- $propbag->add('version', '0.5');
+ $propbag->add('version', '0.6');
$propbag->add('requirements', array(
'serendipity' => '0.9',
'smarty' => '2.6.7',
@@ -82,7 +82,7 @@ function event_hook($event, &$bag, &$eventData) {
break;
case 'backend_wysiwyg_finish':
- $path = $this->get_config('path');
+ $path = htmlspecialchars($this->get_config('path'));
if ($this->init) {
return true;
}

0 comments on commit 6af7092

Please sign in to comment.
Something went wrong with that request. Please try again.