From: pcanterino <> Date: Tue, 14 Jun 2005 14:58:39 +0000 (+0000) Subject: Again: Forgot to encode HTML in some more strings... X-Git-Tag: version_3_0~16 X-Git-Url: https://git.p6c8.net/devedit.git/commitdiff_plain/ed91b27bf5622a0eeb0a1d7adaebaea0ab380a32 Again: Forgot to encode HTML in some more strings... --- diff --git a/modules/Command.pm b/modules/Command.pm index f42deeb..b2bbfe9 100644 --- a/modules/Command.pm +++ b/modules/Command.pm @@ -514,8 +514,8 @@ sub exec_upload($$) my $virtual = $data->{'virtual'}; my $cgi = $data->{'cgi'}; - return error($config->{'errors'}->{'no_directory'},upper_path($virtual),{FILE => $virtual}) unless(-d $physical && not -l $physical); - return error($config->{'errors'}->{'dir_no_create'},$virtual,{DIR => $virtual}) unless(-w $physical); + return error($config->{'errors'}->{'no_directory'},upper_path($virtual),{FILE => encode_html($virtual)}) unless(-d $physical && not -l $physical); + return error($config->{'errors'}->{'dir_no_create'},$virtual,{DIR => encode_html($virtual)}) unless(-w $physical); if(my $uploaded_file = $cgi->param('uploaded_file')) {