[Tickets #3824] NEW: Filenames containing a ' produce javascript errors

bugs@bugs.horde.org bugs at bugs.horde.org
Mon Apr 24 10:37:29 PDT 2006


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=3824
-----------------------------------------------------------------------
 Ticket             | 3824
 Created By         | gus at pbx.org
 Summary            | Filenames containing a ' produce javascript errors
 Queue              | Gollem
 Version            | HEAD
 State              | Unconfirmed
 Priority           | 1. Low
 Type               | Bug
 Owners             | 
-----------------------------------------------------------------------


gus at pbx.org (2006-04-24 10:37) wrote:

When browsing a directory containing a file with a ' in it, in IE it gives
javascript errors.

I believe the bug stems from:
gollem/manager.php line 400:

$item['link'] = Horde::link('#', '', '', '', "view('$url', '" . $val['name']
 . "'); return false;") . $name . '</a>';

where it is passing $val['name'] .. I have tried wrapping this in
addslashes() and htmlspecialchars(,ENT_QUOTES)  however neither one of them
fixes the errors, however there are no longer any 's in the string.. 

The _EXACT_ error in IE is:

Error: Expected ')'

the line it presents is never near one of the lines that has a filename with
a single quote (possibly javascript document.write somewhere)

investigating further...




More information about the bugs mailing list