From a73a7a4ad3777c4e46a44aac6244b3ba9c9ddce4 Mon Sep 17 00:00:00 2001
From: Zlatin Balevsky
Date: Tue, 6 Jul 2021 20:37:58 +0100
Subject: [PATCH] sanitize input in /FileDetails page. Thanks to Beardog for the report
---
 webui/src/main/webapp/FileDetails.jsp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/webui/src/main/webapp/FileDetails.jsp b/webui/src/main/webapp/FileDetails.jsp
index c1ee5c9f..0f7f3ce7 100644
--- a/webui/src/main/webapp/FileDetails.jsp
+++ b/webui/src/main/webapp/FileDetails.jsp
@@ -11,7 +11,7 @@ String helptext = Util._t("View details about the selected shared file here.");
 String path = request.getParameter("path");
 File file = Util.getFromPathElements(path);
-
+String filePath = Util.escapeHTMLinXML(file.getAbsolutePath());
 %>
@@ -31,7 +31,7 @@ File file = Util.getFromPathElements(path);
 <%@include file="sidebar.jsi"%>
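Review bot: The escaped copy added in the first hunk is named `filePath`, while the raw `path` (read straight from `request.getParameter("path")`) and `file` stay in scope, so nothing tells a later editor which value is safe to print. Renaming it to `escapedFilePath`, or adding `// HTML-escaped; print this, never file.getAbsolutePath(), in markup` above the assignment, would make the intent explicit. The second hunk switches the heading to the escaped value, but the rest of the page lies outside both hunks, so every other place that writes `path` or `file` into the response needs the same check. `Util.escapeHTMLinXML` presumably targets element content; if any of those other outputs sit inside an attribute or a script block, confirm the helper also encodes quotes for that context.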
-

<%=Util._t("Details for {0}", file.getAbsolutePath())%>

+

<%=Util._t("Details for {0}", filePath)%>

<%=Util._t("Search Hits")%>