From dede46374f04359611ce358d81e08f64e19dfef7 Mon Sep 17 00:00:00 2001 From: Shish Date: Fri, 13 Mar 2020 09:39:00 +0000 Subject: [PATCH] avoid double-escape for upload collision error --- ext/upload/theme.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ext/upload/theme.php b/ext/upload/theme.php index 7a1eb7a9..f8e74712 100644 --- a/ext/upload/theme.php +++ b/ext/upload/theme.php @@ -216,7 +216,9 @@ class UploadTheme extends Themelet public function display_upload_error(Page $page, string $title, string $message) { - $page->add_block(new Block($title, html_escape($message))); + // this message has intentional HTML in it... + $message = strpos($message, "already has hash") ? $message : html_escape($message); + $page->add_block(new Block($title, $message)); } protected function build_upload_block(): string