From 909f2c95c4167a35dd39fb475df18e6f8e1ba106 Mon Sep 17 00:00:00 2001
From: denise
Date: Tue, 5 Feb 2013 17:24:39 -0500
Subject: [PATCH] XSS exploit prevention - audio preview
---
 .../application/controllers/AudiopreviewController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/airtime_mvc/application/controllers/AudiopreviewController.php b/airtime_mvc/application/controllers/AudiopreviewController.php
index 302e8c545..6955fccd9 100644
--- a/airtime_mvc/application/controllers/AudiopreviewController.php
+++ b/airtime_mvc/application/controllers/AudiopreviewController.php
@@ -62,8 +62,8 @@ class AudiopreviewController extends Zend_Controller_Action
 $this->view->audioFileID = $audioFileID;
 // We need to decode artist and title because it gets
 // encoded twice in js
- $this->view->audioFileArtist = urldecode($audioFileArtist);
- $this->view->audioFileTitle = urldecode($audioFileTitle);
+ $this->view->audioFileArtist = htmlspecialchars(urldecode($audioFileArtist));
+ $this->view->audioFileTitle = htmlspecialchars(urldecode($audioFileTitle));
 $this->view->type = $type;
 $this->_helper->viewRenderer->setRender('audio-preview');
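Review bot: Both added `htmlspecialchars()` calls rely on the default flags, which on the PHP versions current for this commit mean `ENT_COMPAT` (single quotes are left unescaped) and an unpinned charset, so the values are only safe if the template emits them as HTML text or inside a double-quoted attribute. Passing the arguments explicitly closes that gap: `htmlspecialchars(urldecode($audioFileArtist), ENT_QUOTES, 'UTF-8')`, and the same for `$audioFileTitle`. The context lines also hand `$audioFileID` and `$type` to the view unescaped; their origin is outside the hunk, but if they are request parameters like artist and title they need the same treatment, or the escaping should move to the point of output in the view script (`$this->escape()`), which keeps the encoding matched to the output context. The existing comment about double encoding in JS suggests the template may place these values in a script context, where HTML escaping alone is not the right encoding, so the `audio-preview` view is worth checking alongside this change.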