From ed91b27bf5622a0eeb0a1d7adaebaea0ab380a32 Mon Sep 17 00:00:00 2001
From: pcanterino <>
Date: Tue, 14 Jun 2005 14:58:39 +0000
Subject: [PATCH 1/1] Again: Forgot to encode HTML in some more strings...

---
 modules/Command.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/Command.pm b/modules/Command.pm
index f42deeb..b2bbfe9 100644
--- a/modules/Command.pm
+++ b/modules/Command.pm
@@ -514,8 +514,8 @@ sub exec_upload($$)
  my $virtual        = $data->{'virtual'};
  my $cgi            = $data->{'cgi'};
 
- return error($config->{'errors'}->{'no_directory'},upper_path($virtual),{FILE => $virtual}) unless(-d $physical && not -l $physical);
- return error($config->{'errors'}->{'dir_no_create'},$virtual,{DIR => $virtual})             unless(-w $physical);
+ return error($config->{'errors'}->{'no_directory'},upper_path($virtual),{FILE => encode_html($virtual)}) unless(-d $physical && not -l $physical);
+ return error($config->{'errors'}->{'dir_no_create'},$virtual,{DIR => encode_html($virtual)})             unless(-w $physical);
 
  if(my $uploaded_file = $cgi->param('uploaded_file'))
  {
-- 
2.34.1