X-Git-Url: http://git.shiar.nl/minimedit.git/blobdiff_plain/04b33d6e48a217e5cde7b8a326c342ee32fc2715..b28c58864e20c556b65ec60f02c0df6401f73351:/foto/index.php

diff --git a/foto/index.php b/foto/index.php
index a6378ef..49e5483 100644
--- a/foto/index.php
+++ b/foto/index.php
@@ -72,22 +72,22 @@ if ($imgs = glob("$rootdir/*", GLOB_ONLYDIR)) {
 	natsort($imgs);
 	print '<ul class="gallery cat">'."\n";
 	foreach ($imgs as $path) {
-		$parts = pathinfo($path);
-		$album = $parts['filename'];
+		$album = htmlspecialchars(pathinfo($path, PATHINFO_FILENAME));
 		$cover = "$path/index.jpg";
 		if (!file_exists($cover)) $cover = 'foto/index.jpg';
 		if (is_link($cover)) {
 			$cover = preg_replace('{^(?:\.\./)*(?=data/)}', 'thumb/100/', readlink($cover));
 		}
 
-		$html = '<img src="/'.$cover.'" />';
+		$html = sprintf('<img src="/%s" />', htmlspecialchars($cover));
 		$html .= "<figcaption>$album</figcaption>";
 		if (!$User->login and file_exists("$path/.private")) {
 			$html = '<s title="bewoners">'.$html.'</s>';
 		}
 		$html = "<figure>$html</figure>";
 
-		printf('<li id="%s"><a href="%s">%s</a>'."\n", $album, "/$path", $html);
+		printf('<li id="%s">', $album);
+		printf('<a href="/%s">%s</a>'."\n", htmlspecialchars($path), $html);
 	}
 	print "</ul>\n\n";
 }