comment + more reasonable variable name

bibtexbrowser.php

@@ -238,15 +238,16 @@ function _zetDB($bibtex_filenames) {
 
   // ---------------------------- HANDLING unexistent files
   foreach(explode(MULTIPLE_BIB_SEPARATOR, $bibtex_filenames) as $bib) {
-    $saveBib = htmlEntities($bib, ENT_QUOTES);
+    // escape $bib to prevent XSS
+  	$escapedBib = htmlEntities($bib, ENT_QUOTES);
     // get file extension to only allow .bib files
-    $ext = pathinfo($saveBib, PATHINFO_EXTENSION);
+    $ext = pathinfo($escapedBib, PATHINFO_EXTENSION);
     // this is a security protection
-    if (BIBTEXBROWSER_LOCAL_BIB_ONLY && (!file_exists($saveBib) || strcasecmp($ext, 'bib') != 0)) {
+    if (BIBTEXBROWSER_LOCAL_BIB_ONLY && (!file_exists($escapedBib) || strcasecmp($ext, 'bib') != 0)) {
 
      // to automate dectection of faulty links with tools such as webcheck
      header('HTTP/1.1 404 Not found');
-     die('<b>the bib file '.$saveBib.' does not exist !</b>');
+     die('<b>the bib file '.$escapedBib.' does not exist !</b>');
     }
   } // end for each