From e2ea11e05654d527c7210f15c5265aa5e1664ad4 Mon Sep 17 00:00:00 2001
From: Shinsuke Sugaya <shinsuke@apache.org>
Date: Wed, 8 Jan 2020 06:32:47 +0900
Subject: [PATCH] fix hidden values
---
 src/main/webapp/WEB-INF/view/admin/storage/admin_storage.jsp | 4 ++--
 src/main/webapp/WEB-INF/view/searchResults.jsp | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/main/webapp/WEB-INF/view/admin/storage/admin_storage.jsp b/src/main/webapp/WEB-INF/view/admin/storage/admin_storage.jsp
index 04d1f6385..7fb934d93 100644
--- a/src/main/webapp/WEB-INF/view/admin/storage/admin_storage.jsp
+++ b/src/main/webapp/WEB-INF/view/admin/storage/admin_storage.jsp
@@ -56,7 +56,7 @@
 <div class="modal-dialog">
 <div class="modal-content">
 <la:form action="/admin/storage/createDir/" enctype="multipart/form-data" styleClass="form-inline">
- <input type="hidden" name="path" value="${path}" />
+ <input type="hidden" name="path" value="${f:h(path)}" />
 <div class="modal-header">
 <button type="button" class="close" data-dismiss="modal" aria-label="Close">
 <span aria-hidden="true">×</span>
@@ -89,7 +89,7 @@
 <div class="modal-dialog">
 <div class="modal-content">
 <la:form action="/admin/storage/upload/" enctype="multipart/form-data" styleClass="form-inline">
- <input type="hidden" name="path" value="${path}" />
+ <input type="hidden" name="path" value="${f:h(path)}" />
 <div class="modal-header">
 <button type="button" class="close" data-dismiss="modal" aria-label="Close">
 <span aria-hidden="true">×</span>
diff --git a/src/main/webapp/WEB-INF/view/searchResults.jsp b/src/main/webapp/WEB-INF/view/searchResults.jsp
index d7bf23306..b0d529d3d 100644
--- a/src/main/webapp/WEB-INF/view/searchResults.jsp
+++ b/src/main/webapp/WEB-INF/view/searchResults.jsp
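Review bot: The hidden `path` field in the createDir form (and the identical one in the upload form in the second hunk) is now HTML-escaped with `f:h`, but a hidden field remains client-editable, so this escaping protects only the rendered page and not the value the two actions receive. Presumably the handlers behind `/admin/storage/createDir/` and `/admin/storage/upload/` validate `path` on the server; that is not visible in this patch and is worth confirming. I would record the split of responsibility next to each field, for example `<%-- path: HTML-escaped for output only; the action must validate it server-side --%>`. Both `la:form` blocks continue outside their hunks, so any other unescaped `${path}` in this file should be checked as well.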
@@ -33,8 +33,8 @@
 </div>
 </c:if>
 <div id="result" class="row">
- <input type="hidden" id="queryId" value="${f:u(queryId)}" /> <input
- type="hidden" id="rt" value="${f:u(requestedTime)}" />
+ <input type="hidden" id="queryId" value="${f:h(queryId)}" /> <input
+ type="hidden" id="rt" value="${f:h(requestedTime)}" />
 <ol class="list-unstyled col-md-8">
 <c:forEach var="doc" varStatus="s" items="${documentItems}">
 <li id="result${s.index}">
-- 
GitLab
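Review bot: Switching `queryId` and `rt` from `f:u` to `f:h` changes what any consumer of these fields receives: the value is now HTML-escaped for the attribute but no longer URL-encoded (assuming `f:u` and `f:h` are the usual URL-encode and HTML-escape functions). Both inputs carry an `id` and no `name`, so they are presumably read by client script rather than submitted; a script that places them in a URL now has to call `encodeURIComponent()` itself and must not decode them a second time. A short note above the fields, such as `<%-- queryId/rt: HTML-escaped only; URL-encode in script before building a URL --%>`, would make that contract explicit. The `<div id="result">` block continues outside the hunk, so the script side cannot be checked from here.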