foto: escape html (ampersands) in album links
[minimedit.git] / foto / index.php
index a6378ef8f393487113b64b430a121adb4d33d511..49e5483d24d4d23ecaa8b0b3dbc078d8a49cd759 100644 (file)
@@ -72,22 +72,22 @@ if ($imgs = glob("$rootdir/*", GLOB_ONLYDIR)) {
        natsort($imgs);
        print '<ul class="gallery cat">'."\n";
        foreach ($imgs as $path) {
-               $parts = pathinfo($path);
-               $album = $parts['filename'];
+               $album = htmlspecialchars(pathinfo($path, PATHINFO_FILENAME));
                $cover = "$path/index.jpg";
                if (!file_exists($cover)) $cover = 'foto/index.jpg';
                if (is_link($cover)) {
                        $cover = preg_replace('{^(?:\.\./)*(?=data/)}', 'thumb/100/', readlink($cover));
                }
 
-               $html = '<img src="/'.$cover.'" />';
+               $html = sprintf('<img src="/%s" />', htmlspecialchars($cover));
                $html .= "<figcaption>$album</figcaption>";
                if (!$User->login and file_exists("$path/.private")) {
                        $html = '<s title="bewoners">'.$html.'</s>';
                }
                $html = "<figure>$html</figure>";
 
-               printf('<li id="%s"><a href="%s">%s</a>'."\n", $album, "/$path", $html);
+               printf('<li id="%s">', $album);
+               printf('<a href="/%s">%s</a>'."\n", htmlspecialchars($path), $html);
        }
        print "</ul>\n\n";
 }
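Review bot: The href built on the new line 27 is HTML-escaped but not URL-encoded, so a `$path` from glob() whose directory name contains `?`, `#`, `%` or a space yields a link that is malformed or points at a different resource; the same applies to `$cover` in the src attribute on line 18. Encode each segment before escaping, e.g. `$href = implode('/', array_map('rawurlencode', explode('/', $path)));` followed by `printf('<a href="/%s">%s</a>'."\n", htmlspecialchars($href), $html);`. On PHP before 8.1, htmlspecialchars() defaults to ENT_COMPAT without ENT_SUBSTITUTE, so an album name that is not valid UTF-8 is returned as an empty string and the id and caption silently vanish; passing `ENT_QUOTES | ENT_SUBSTITUTE` explicitly on all three new calls makes the output independent of the PHP version. The enclosing `if ($imgs = glob(...))` block opens before the hunk.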