Escape special chars.

2009-03-24 17:36:50 +00:00
parent 21bf5ca339
commit 6b61b06c95
1 changed files with 2 additions and 2 deletions
--- a/bs_play_media.php
+++ b/bs_play_media.php
@@ -55,12 +55,12 @@
            {
                // audio content
                case 'audio/mpeg':
-                    ?><embed width=620 height=100 src="<?php echo $bs_file_path; ?>" autostart=true></embed><?php
+                    ?><embed width=620 height=100 src="<?php echo htmlspecialchars($bs_file_path); ?>" autostart=true></embed><?php
                    break;
                // video content
                case 'application/x-flash-video':
                case 'video/mpeg':
-                    ?><embed width=620 height=460 src="<?php echo $bs_file_path; ?>" autostart=true></embed><?php
+                    ?><embed width=620 height=460 src="<?php echo htmlspecialchars($bs_file_path); ?>" autostart=true></embed><?php
                    break;
                default:
                    // do nothing