From 6f26be97d9a1bb38af0ae9f41c64e008bc459ebc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?= <sedivy.miro@gmail.com>
Date: Sun, 26 Dec 2021 16:39:49 +0100
Subject: [PATCH] htmlEntities for download attr.

---
 index.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/index.php b/index.php
index ba01ece..9a1bebb 100644
--- a/index.php
+++ b/index.php
@@ -178,8 +178,7 @@ function display_block( $file )
 	if(in_array($file, $ignore_file_list)) return;
 	if(in_array($file_ext, $ignore_ext_list)) return;
 	
-	$download_att = ($force_download AND $file_ext != "dir" ) ? " download='" . basename($file) . "'" : "";
-	
+	$download_att = ($force_download AND $file_ext != "dir" ) ? " download=\"" . htmlEntities(basename($file), ENT_QUOTES) . "\"" : "";
 	$rtn = "<div class=\"block\">";
 	$rtn .= "<a href=\"$file\" class=\"$file_ext\"{$download_att}>";
 	$rtn .= "	<div class=\"img $file_ext\"></div>";