From a696b3be30553c324df95ce19af464f5002bcf82 Mon Sep 17 00:00:00 2001
From: hyung-hwan
Date: Sun, 16 Aug 2015 13:08:22 +0000
Subject: [PATCH] called htmlspeciallchars() to escape a file import error message
---
codepot/src/codepot/controllers/code.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/codepot/src/codepot/controllers/code.php b/codepot/src/codepot/controllers/code.php
index d3da417f..bbf64454 100644
--- a/codepot/src/codepot/controllers/code.php
+++ b/codepot/src/codepot/controllers/code.php
@@ -102,7 +102,7 @@ class Code extends Controller
 if (count($import_files) > 0 && $this->subversion->importFiles ($projectid, $path, $login['id'], $post_new_message, $import_files, $this->upload) === FALSE) {
- $popup_error_message = '
' . $this->subversion->import_files_errmsg . '
';
+ $popup_error_message = '
' . htmlspecialchars($this->subversion->import_files_errmsg) . '
';
 } else {
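Review bot: The `htmlspecialchars()` call added on the `+` line uses the default flags and charset, so what it escapes depends on the PHP version the controller runs on: before PHP 5.4 the default charset is ISO-8859-1, and from 5.4 on a message containing an invalid UTF-8 sequence (an uploaded file name is a plausible source) makes the function return an empty string, leaving the popup blank. Passing the arguments explicitly makes the behaviour predictable, `htmlspecialchars($this->subversion->import_files_errmsg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, with `ENT_SUBSTITUTE` requiring PHP 5.4 or later. Escaping at this point is correct only for an HTML element context; if the view later places `$popup_error_message` inside a script string or an attribute, it needs that context's encoding as well, which cannot be confirmed from this hunk. The enclosing method starts and ends outside the hunk, so other assignments to `$popup_error_message` are not visible and may need the same treatment.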