From 829d478f1b054c8ce1eeb4f15170dc4a1abb3e47 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@madoka.volgo-balt.ru>
Date: Wed, 8 Feb 2017 15:07:05 +0300
Subject: add some protection against opener attacks if external site is opened
 via window.open()

---
 include/functions2.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'include')

diff --git a/include/functions2.php b/include/functions2.php
index 6017a78f8..6674c7734 100644
--- a/include/functions2.php
+++ b/include/functions2.php
@@ -1957,7 +1957,7 @@
 #				$entry .= " <a target=\"_blank\" href=\"" . htmlspecialchars($url) . "\">" .
 #					$filename . " (" . $ctype . ")" . "</a>";
 
-				$entry = "<div onclick=\"window.open('".htmlspecialchars($url)."')\"
+				$entry = "<div onclick=\"openUrlPopup('".htmlspecialchars($url)."')\"
 					dojoType=\"dijit.MenuItem\">$filename ($ctype)</div>";
 
 				array_push($entries_html, $entry);
@@ -2038,7 +2038,7 @@
 				else
 					$filename = "";
 
-				$rv .= "<div onclick='window.open(\"".htmlspecialchars($entry["url"])."\")'
+				$rv .= "<div onclick='openUrlPopup(\"".htmlspecialchars($entry["url"])."\")'
 					dojoType=\"dijit.MenuItem\">".$filename . $title."</div>";
 
 			};
-- 
cgit v1.2.3