$tpl->fillin('FILE_URL',escape($virtual));
$tpl->fillin('DIR',encode_html($dir));
$tpl->fillin('DIR_URL',escape($dir));
- $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));
+ $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual)));
$tpl->fillin('SCRIPT',$script);
$tpl->fillin('MD5SUM',$md5sum);
$tpl->fillin('CONTENT',encode_html($$content));
local *FILE;
- sysopen(FILE,$physical,O_RDWR | O_CREAT) or return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => $virtual});
- file_lock(*FILE,LOCK_EX) or do { close(FILE); return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => $virtual}) };
+ sysopen(FILE,$physical,O_RDWR | O_CREAT) or return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => encode_html($virtual)});
+ file_lock(*FILE,LOCK_EX) or do { close(FILE); return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => encode_html($virtual)}) };
my $md5 = new Digest::MD5;
$md5->addfile(*FILE);
$tpl->fillin('FILE_URL',escape($virtual));
$tpl->fillin('DIR',encode_html($dir));
$tpl->fillin('DIR_URL',escape($dir));
- $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));
+ $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual)));
$tpl->fillin('SCRIPT',$script);
$tpl->fillin('MD5SUM',$md5file);
$tpl->fillin('CONTENT',encode_html($content));
my $virtual = $data->{'virtual'};
my $cgi = $data->{'cgi'};
- return error($config->{'errors'}->{'no_directory'},upper_path($virtual),{FILE => $virtual}) unless(-d $physical && not -l $physical);
- return error($config->{'errors'}->{'dir_no_create'},$virtual,{DIR => $virtual}) unless(-w $physical);
+ return error($config->{'errors'}->{'no_directory'},upper_path($virtual),{FILE => encode_html($virtual)}) unless(-d $physical && not -l $physical);
+ return error($config->{'errors'}->{'dir_no_create'},$virtual,{DIR => encode_html($virtual)}) unless(-w $physical);
if(my $uploaded_file = $cgi->param('uploaded_file'))
{
$tpl->fillin('DIR',encode_html($virtual));
$tpl->fillin('DIR_URL',escape($virtual));
- $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));
+ $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual)));
$tpl->fillin('SCRIPT',$script);
my $output = header(-type => 'text/html');
$tpl->fillin('DIR_URL',escape($dir));
$tpl->fillin('COMMAND','copy');
- $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));
+ $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual)));
$tpl->fillin('SCRIPT',$script);
my $output = header(-type => 'text/html');
$tpl->fillin('FILE',encode_html($virtual));
$tpl->fillin('DIR',encode_html($dir));
$tpl->fillin('DIR_URL',escape($dir));
- $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual)));
+ $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual)));
$tpl->fillin('SCRIPT',$script);
my $output = header(-type => 'text/html');
$tpl->fillin('DIR',encode_html($dir));
$tpl->fillin('COMMAND','rename');
- $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));
+ $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual)));
$tpl->fillin('SCRIPT',$script);
my $output = header(-type => 'text/html');
$tpl->fillin('FILE',encode_html($virtual));
$tpl->fillin('DIR',encode_html($dir));
$tpl->fillin('DIR_URL',escape($dir));
- $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));
+ $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual)));
$tpl->fillin('SCRIPT',$script);
my $output = header(-type => 'text/html');
$tpl->fillin('DIR_URL',escape($virtual));
$tpl->fillin('UPPER_DIR',encode_html($dir));
$tpl->fillin('UPPER_DIR_URL',escape($dir));
- $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual)));
+ $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual)));
$tpl->fillin('SCRIPT',$script);
my $output = header(-type => 'text/html');
$tpl->fillin('FILE_URL',escape($virtual));
$tpl->fillin('DIR',encode_html($dir));
$tpl->fillin('DIR_URL',escape($dir));
- $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual)));
+ $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual)));
$tpl->fillin('SCRIPT',$script);
my $output = header(-type => 'text/html');
$tpl->fillin('FILE_URL',escape($virtual));
$tpl->fillin('DIR',encode_html($dir));
$tpl->fillin('DIR_URL',escape($dir));
- $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual)));
+ $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual)));
$tpl->fillin('SCRIPT',$script);
my $output = header(-type => 'text/html');