From b8fd27cd064e722327a3be8e3b930cc2e2b59006 Mon Sep 17 00:00:00 2001
From: Nahuel Angelinetti <nahuel@altnetvision.info>
Date: Mon, 27 Nov 2006 18:58:53 +0000
Subject: [PATCH] Correction de l'affichage des noms de fichiers/repertoires
 qui permettait d'executer du code Javascript dans le brouteur

---
 bureau/admin/bro_main.php | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/bureau/admin/bro_main.php b/bureau/admin/bro_main.php
index 39080ded..af62530b 100644
--- a/bureau/admin/bro_main.php
+++ b/bureau/admin/bro_main.php
@@ -191,7 +191,7 @@ echo "<td width=\"28\"><img src=\"icon/".$bro->icon($c[$i]["name"])."\" width=\"
 }
 echo "<td><a href=\"";
 echo "bro_editor.php?file=".urlencode($c[$i]["name"])."&amp;R=".urlencode($R);
-echo "\">".$c[$i]["name"]."</a></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."</a></td>\n";
 echo "	<td>".format_size($c[$i]["size"])."</td>";
 echo "<td>".format_date('%3$d-%2$d-%1$d %4$d:%5$d',date("Y-m-d H:i:s",$c[$i]["date"]))."<br /></td>";
 if ($p["showtype"]) {
@@ -211,7 +211,7 @@ echo "<td width=\"28\"><img src=\"icon/folder.png\" width=\"16\" height=\"16\" a
 }
 echo "<td><b><a href=\"";
 echo "bro_main.php?R=".urlencode($R."/".$c[$i]["name"]);
-echo "\">".$c[$i]["name"]."/</a></b></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."/</a></b></td>\n";
 echo "	<td>".format_size($c[$i]["size"])."</td>";
 echo "<td>".format_date('%3$d-%2$d-%1$d %4$d:%5$d',date("Y-m-d h:i:s",$c[$i]["date"]))."<br /></td>";
 if ($p["showtype"]) {
@@ -238,7 +238,7 @@ echo "<tr class=\"lst$col\">\n";
 if ($c[$i]["type"]) {
 echo "	<td width=\"28\"><input type=\"checkbox\" class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\" /></td><td><a href=\"";
 echo "bro_editor.php?file=".urlencode($c[$i]["name"])."&amp;R=".urlencode($R);
-echo "\">".$c[$i]["name"]."</a></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."</a></td>\n";
 echo "	<td>".format_size($c[$i]["size"])."</td><td>";
 $vu=$bro->viewurl($R,$c[$i]["name"]);
 if ($vu) {
@@ -250,7 +250,7 @@ echo "</td>\n";
 } else {
 echo "	<td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><b><a href=\"";
 echo "bro_main.php?R=".urlencode($R."/".$c[$i]["name"]);
-echo "\">".$c[$i]["name"]."/</a></b></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."/</a></b></td>\n";
 echo "	<td>".format_size($c[$i]["size"])."</td><td>";
 echo "&nbsp;";
 echo "</td>\n";
@@ -268,7 +268,7 @@ echo "<tr class=\"lst$col\">\n";
 if ($c[$i]["type"]) {
 echo "	<td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><a href=\"";
 echo "bro_editor.php?file=".urlencode($c[$i]["name"])."&amp;R=".urlencode($R);
-echo "\">".$c[$i]["name"]."</a></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."</a></td>\n";
 echo "	<td>".format_size($c[$i]["size"])."</td><td>";
 $vu=$bro->viewurl($R,$c[$i]["name"]);
 if ($vu) {
@@ -280,7 +280,7 @@ echo "</td>\n";
 } else {
 echo "	<td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><b><a href=\"";
 echo "bro_main.php?R=".urlencode($R."/".$c[$i]["name"]);
-echo "\">".$c[$i]["name"]."/</a></b></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."/</a></b></td>\n";
 echo "	<td>".format_size($c[$i]["size"])."</td><td>";
 echo "&nbsp;";
 echo "</td>\n";
@@ -305,7 +305,7 @@ echo "<tr class=\"lst$col\">\n";
 if ($c[$i]["type"]) {
 echo "	<td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><a href=\"";
 echo "bro_editor.php?file=".urlencode($c[$i]["name"])."&amp;R=".urlencode($R);
-echo "\">".$c[$i]["name"]."</a></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."</a></td>\n";
 echo "	<td>".format_size($c[$i]["size"])."</td><td>";
 $vu=$bro->viewurl($R,$c[$i]["name"]);
 if ($vu) {
@@ -317,7 +317,7 @@ echo "</td>\n";
 } else {
 echo "	<td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><b><a href=\"";
 echo "bro_main.php?R=".urlencode($R."/".$c[$i]["name"]);
-echo "\">".$c[$i]["name"]."/</a></b></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."/</a></b></td>\n";
 echo "	<td>".format_size($c[$i]["size"])."</td><td>";
 echo "&nbsp;";
 echo "</td>\n";
@@ -335,7 +335,7 @@ echo "<tr class=\"lst$col\">\n";
 if ($c[$i]["type"]) {
 echo "	<td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><a href=\"";
 echo "bro_editor.php?file=".urlencode($c[$i]["name"])."&amp;R=".urlencode($R);
-echo "\">".$c[$i]["name"]."</a></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."</a></td>\n";
 echo "	<td>".format_size($c[$i]["size"])."</td><td>";
 $vu=$bro->viewurl($R,$c[$i]["name"]);
 if ($vu) {
@@ -348,7 +348,7 @@ echo "</td>\n";
 } else {
 echo "	<td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><b><a href=\"";
 echo "bro_main.php?R=".urlencode($R."/".$c[$i]["name"]);
-echo "\">".$c[$i]["name"]."/</a></b></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."/</a></b></td>\n";
 echo "	<td>".format_size($c[$i]["size"])."</td><td>";
 echo "&nbsp;";
 echo "</td>\n";
@@ -366,7 +366,7 @@ echo "<tr class=\"lst$col\">\n";
 if ($c[$i]["type"]) {
 echo "	<td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><a href=\"";
 echo "bro_editor.php?file=".urlencode($c[$i]["name"])."&amp;R=".urlencode($R);
-echo "\">".$c[$i]["name"]."</a></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."</a></td>\n";
 echo "	<td>".format_size($c[$i]["size"])."</td><td>";
 $vu=$bro->viewurl($R,$c[$i]["name"]);
 if ($vu) {
@@ -378,7 +378,7 @@ echo "</td>\n";
 } else {
 echo "	<td width=\"28\"><input TYPE=checkbox class=\"inc\"  name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><b><a href=\"";
 echo "bro_main.php?R=".urlencode($R."/".$c[$i]["name"]);
-echo "\">".$c[$i]["name"]."/</a></b></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."/</a></b></td>\n";
 echo "	<td>".format_size($c[$i]["size"])."</td><td>";
 echo "&nbsp;";
 echo "</td>\n";