4525: Sanitize all input fields to disallow XSS. All the input field that most likel...

[acontent.git] / docs / file_manager / edit.php

diff --git a/docs/file_manager/edit.php b/docs/file_manager/edit.php
index 01a2147..95e6240 100644 (file)
--- a/docs/file_manager/edit.php
+++ b/docs/file_manager/edit.php
@@ -97,15 +97,15 @@ if (!isset($_POST['extension'])) {
 ?>\r
 \r
 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="form">\r
-<input type="hidden" name="pathext" value="<?php echo $pathext; ?>" />\r
-<input type="hidden" name="framed" value="<?php echo $framed; ?>" />\r
-<input type="hidden" name="popup" value="<?php echo $popup; ?>" />\r
-<input type="hidden" name="file" value="<?php echo $file; ?>" />\r
-<input type="hidden" name="_course_id" value="<?php echo $_course_id; ?>" />\r
+<input type="hidden" name="pathext" value="<?php echo AT_print($pathext, 'input.hidden'); ?>" />\r
+<input type="hidden" name="framed" value="<?php echo AT_print($framed, 'input.hidden'); ?>" />\r
+<input type="hidden" name="popup" value="<?php echo AT_print($popup, 'input.hidden'); ?>" />\r
+<input type="hidden" name="file" value="<?php echo AT_print($file, 'input.hidden'); ?>" />\r
+<input type="hidden" name="_course_id" value="<?php echo AT_print($_course_id, 'input.hidden'); ?>" />\r
 <input type="submit" name="submit" style="display:none;"/>\r
 <div class="input-form">\r
        <div class="row">\r
-               <h3><?php echo $file; ?></h3>\r
+               <h3><?php echo AT_print($file, 'input.h3'); ?></h3>\r
        </div>\r
        <div class="row">\r
                <span class="required" title="<?php echo _AT('required_field'); ?>">*</span><?php echo _AT('type'); ?><br />\r