XSS exploit prevention - audio preview

2013-02-05 17:24:39 -05:00 · 2013-02-05 17:24:39 -05:00 · 909f2c95c4
parent 50bfcb7eb8
commit 909f2c95c4
1 changed files with 2 additions and 2 deletions
--- a/airtime_mvc/application/controllers/AudiopreviewController.php
+++ b/airtime_mvc/application/controllers/AudiopreviewController.php
@ -62,8 +62,8 @@ class AudiopreviewController extends Zend_Controller_Action
        $this->view->audioFileID     = $audioFileID;
        // We need to decode artist and title because it gets
        // encoded twice in js
-        $this->view->audioFileArtist = urldecode($audioFileArtist);
-        $this->view->audioFileTitle  = urldecode($audioFileTitle);
+        $this->view->audioFileArtist = htmlspecialchars(urldecode($audioFileArtist));
+        $this->view->audioFileTitle  = htmlspecialchars(urldecode($audioFileTitle));
        $this->view->type            = $type;

        $this->_helper->viewRenderer->setRender('audio-preview');