Diffstat (limited to 'mod/file')
-rw-r--r-- | mod/file/actions/file/upload.php | 4 | ||||
-rw-r--r-- | mod/file/start.php | 20 |
2 files changed, 14 insertions, 10 deletions
diff --git a/mod/file/actions/file/upload.php b/mod/file/actions/file/upload.php index d72d04eb7..d6dce2528 100644 --- a/mod/file/actions/file/upload.php +++ b/mod/file/actions/file/upload.php @@ -6,7 +6,7 @@ */ // Get variables -$title = get_input("title"); +$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8'); $desc = get_input("description"); $access_id = (int) get_input("access_id"); $container_guid = (int) get_input('container_guid', 0); @@ -44,7 +44,7 @@ if ($new_file) { // if no title on new upload, grab filename if (empty($title)) { - $title = $_FILES['upload']['name']; + $title = htmlspecialchars($_FILES['upload']['name'], ENT_QUOTES, 'UTF-8'); } } else { diff --git a/mod/file/start.php b/mod/file/start.php index 172042332..846ce1839 100644 --- a/mod/file/start.php +++ b/mod/file/start.php @@ -121,8 +121,12 @@ function file_page_handler($page) { file_register_toggle(); include "$file_dir/friends.php"; break; - case 'view': case 'read': // Elgg 1.7 compatibility + $entity = get_entity((int) $page[1]); + if ($entity) { + elgg_set_page_owner_guid($entity->getContainerGUID()); + } + case 'view': set_input('guid', $page[1]); include "$file_dir/view.php"; break; @@ -200,13 +204,9 @@ function file_notify_message($hook, $entity_type, $returnvalue, $params) { if (($entity instanceof ElggEntity) && ($entity->getSubtype() == 'file')) { $descr = $entity->description; $title = $entity->title; + $url = elgg_get_site_url() . "view/" . $entity->guid; $owner = $entity->getOwnerEntity(); - return elgg_echo('file:notification', array( - $owner->name, - $title, - $descr, - $entity->getURL() - )); + return $owner->name . ' ' . elgg_echo("file:via") . ': ' . $entity->title . "\n\n" . $descr . "\n\n" . $entity->getURL(); } return null; } 
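Review bot: Encoding `$title` with `htmlspecialchars()` before it is stored, here and in the `$_FILES['upload']['name']` fallback of the second upload.php hunk, makes every later consumer depend on an undocumented convention. A view that escapes the title again will render double-encoded text, and a view that assumes a raw value is only safe because of these two lines. Add a comment such as `// title is stored HTML-encoded; views must output it without escaping again` next to the assignment. On PHP 5.4 and later `htmlspecialchars()` returns an empty string for invalid UTF-8 unless `ENT_SUBSTITUTE` is set, so a malformed title silently drops into the `empty($title)` filename branch. Where the supported PHP version allows it, `ENT_QUOTES | ENT_SUBSTITUTE` avoids that.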
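Review bot: The reordered `case 'read':` branch now falls through into `case 'view':` with no `break` and no marker, so a later edit to this switch can easily break the page-owner setup or the view include. Add `// fall through to 'view'` after the closing brace of the `if ($entity)` block. `$page[1]` is also read without an `isset()` check in both branches, so a URL with no GUID segment raises an undefined-offset notice and hands 0 to `get_entity()`; `$guid = isset($page[1]) ? (int) $page[1] : 0;` computed once and reused in both cases would tidy that up. `file_page_handler()` starts and ends outside this hunk.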
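Review bot: The added `$url = elgg_get_site_url() . "view/" . $entity->guid;` is never used, because the returned string still ends with `$entity->getURL()`. `$title` is likewise assigned and then bypassed in favour of `$entity->title`; drop the `$url` line and use `$title` consistently. Because upload.php in this same commit stores the title HTML-encoded, the notification body will carry entities such as `&amp;` if it is delivered as plain text, which the `"\n\n"` separators suggest. Decoding with `html_entity_decode($title, ENT_QUOTES, 'UTF-8')` is appropriate here only if every delivery channel treats the body as plain text, which should be confirmed first. The function begins outside this hunk.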
@@ -237,6 +237,10 @@ function file_owner_block_menu($hook, $type, $return, $params) { * @return string The overall type */ function file_get_simple_type($mimetype) { + + if ($simpletype = elgg_trigger_plugin_hook('file:simpletype', $mimetype, null, null)) { + return $simpletype; + } switch ($mimetype) { case "application/msword": @@ -410,4 +414,4 @@ function file_icon_url_override($hook, $type, $returnvalue, $params) { $url = elgg_trigger_plugin_hook('file:icon:url', 'override', $params, $url); return $url; } -}
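Review bot: The value returned by the `file:simpletype` hook is handed straight back to callers, while the docblock above still describes only the built-in mime-type mapping. Document the hook there, for example `Plugins can override the result via the 'file:simpletype' plugin hook, whose hook type is the mime type.` The hook type comes from an uploaded file's mime type and the result is whatever a handler returns. If callers build paths, CSS classes or markup from the simple type (not visible in this hunk), the result should be constrained to a plain identifier before it is returned, e.g. `preg_match('/^[a-z0-9_]+$/i', $simpletype)`. The assignment inside the `if` condition is easy to misread as a comparison; assign first and test on the next line.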
\ No newline at end of file +} |