From c3fea30811f845fe357b70d5beb511ca4ad42eca Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Wed, 11 Jul 2012 19:14:04 +0200
Subject: [PATCH] Sanitizing file names

---
 apps/files/js/filelist.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/files/js/filelist.js b/apps/files/js/filelist.js
index e6a9a6883af..3645258f98f 100644
--- a/apps/files/js/filelist.js
+++ b/apps/files/js/filelist.js
@@ -14,7 +14,7 @@ FileList={
 			var extension=false;
 		}
 		html+='<td class="filename" style="background-image:url('+img+')"><input type="checkbox" />';
-		html+='<a class="name" href="download.php?file='+$('#dir').val()+'/'+name+'"><span class="nametext">'+basename
+		html+='<a class="name" href="download.php?file='+$('#dir').val().replace(/</, '&lt;').replace(/>/, '&gt;')+'/'+name+'"><span class="nametext">'+basename
 		if(extension){
 			html+='<span class="extension">'+extension+'</span>';
 		}
-- 
GitLab