From 1853efa883a8a45f27fdac25f7151c883253adfa Mon Sep 17 00:00:00 2001
From: czaks <marcin@6irc.net>
Date: Sun, 6 Jul 2014 01:20:42 +0200
Subject: [PATCH] SECURITY: backport fix for #70 for 4.5. reported by Barrucadu

---
 templates/post_reply.html  | 2 +-
 templates/post_thread.html | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/post_reply.html b/templates/post_reply.html
index ab0dc9da..6fba3c1e 100644
--- a/templates/post_reply.html
+++ b/templates/post_reply.html
@@ -35,7 +35,7 @@
 			{% if config.show_filename and post.filename %}
 				, 
 				{% if post.filename|length > config.max_filename_display %}
-					<span class="postfilename" title="{{ post.filename|e }}">{{ post.filename|truncate(config.max_filename_display)|bidi_cleanup }}</span>
+					<span class="postfilename" title="{{ post.filename|e|bidi_cleanup }}">{{ post.filename|truncate(config.max_filename_display)|e|bidi_cleanup }}</span>
 				{% else %}
 					<span class="postfilename">{{ post.filename|e|bidi_cleanup }}</span>
 				{% endif %}
diff --git a/templates/post_thread.html b/templates/post_thread.html
index cd8ba74a..252e6f11 100644
--- a/templates/post_thread.html
+++ b/templates/post_thread.html
@@ -24,7 +24,7 @@
 		{% if config.show_filename and post.filename %}
 			, 
 			{% if post.filename|length > config.max_filename_display %}
-				<span class="postfilename" title="{{ post.filename|e }}">{{ post.filename|truncate(config.max_filename_display)|bidi_cleanup }}</span>
+				<span class="postfilename" title="{{ post.filename|e|bidi_cleanup }}">{{ post.filename|truncate(config.max_filename_display)|e|bidi_cleanup }}</span>
 			{% else %}
 				<span class="postfilename">{{ post.filename|e|bidi_cleanup }}</span>
 			{% endif %}