authorcash <cash.costello@gmail.com>2011-11-05 16:42:59 -0400
committercash <cash.costello@gmail.com>2011-11-05 16:42:59 -0400
commit558f03f0f84a142438de9844b2047be2f050c385 (patch)
treed79fb8e6874d2b0a9935b1737e76b32d7d5d9942
parentb5f88f3e8836464bd9939ac296b673c4b199bf0a (diff)
downloadelgg-558f03f0f84a142438de9844b2047be2f050c385.tar.gz
elgg-558f03f0f84a142438de9844b2047be2f050c385.tar.bz2
Fixes #4023 escaping alt and title attributes in icon views
-rw-r--r--mod/file/views/default/icon/object/file.php3
-rw-r--r--views/default/icon/default.php7
-rw-r--r--views/default/icon/user/default.php2
3 files changed, 7 insertions, 5 deletions
diff --git a/mod/file/views/default/icon/object/file.php b/mod/file/views/default/icon/object/file.php
index ff729da94..51a4469e9 100644
--- a/mod/file/views/default/icon/object/file.php
+++ b/mod/file/views/default/icon/object/file.php
@@ -5,7 +5,7 @@
* @uses $vars['entity'] The entity the icon represents - uses getIconURL() method
* @uses $vars['size'] topbar, tiny, small, medium (default), large, master
* @uses $vars['href'] Optional override for link
- * @uses $vars['link_class'] Optional CSS class added to img
+ * @uses $vars['link_class'] Optional CSS class added to link
*/
$entity = $vars['entity'];
@@ -17,6 +17,7 @@ if (!in_array($vars['size'], $sizes)) {
}
$title = $entity->title;
+$title = htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false);
$url = $entity->getURL();
if (isset($vars['href'])) {
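Review bot: The added `htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false)` call passes `double_encode = false` with no comment saying why, and the same applies to the matching calls in views/default/icon/default.php and views/default/icon/user/default.php. With that flag, entity-like sequences already in the stored value pass through unchanged, so the rendered text is only faithful if the title or name was entity-encoded on input; quotes and angle brackets are still encoded by `ENT_QUOTES`, so the attribute cannot be closed either way. I would add a comment above each call such as `// value may already be entity-encoded on input; escape for attribute context without double-encoding`. The escaped variable is consumed further down each file, outside these hunks, so it is worth confirming that it only reaches the alt/title attributes and is not escaped a second time by a view it is passed to.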
diff --git a/views/default/icon/default.php b/views/default/icon/default.php
index 533b92c43..6aeef204b 100644
--- a/views/default/icon/default.php
+++ b/views/default/icon/default.php
@@ -5,9 +5,9 @@
* @package Elgg
* @subpackage Core
*
- * @uses $vars['entity'] The entity the icon represents - uses getIconURL() method
- * @uses $vars['size'] topbar, tiny, small, medium (default), large, master
- * @uses $vars['href'] Optional override for link
+ * @uses $vars['entity'] The entity the icon represents - uses getIconURL() method
+ * @uses $vars['size'] topbar, tiny, small, medium (default), large, master
+ * @uses $vars['href'] Optional override for link
* @uses $vars['img_class'] Optional CSS class added to img
*/
@@ -26,6 +26,7 @@ if (isset($entity->name)) {
} else {
$title = $entity->title;
}
+$title = htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false);
$url = $entity->getURL();
if (isset($vars['href'])) {
diff --git a/views/default/icon/user/default.php b/views/default/icon/user/default.php
index 0eb3691bd..906371cf8 100644
--- a/views/default/icon/user/default.php
+++ b/views/default/icon/user/default.php
@@ -26,7 +26,7 @@ if (!($user instanceof ElggUser)) {
return true;
}
-$name = htmlspecialchars($user->name, ENT_QUOTES, 'UTF-8');
+$name = htmlspecialchars($user->name, ENT_QUOTES, 'UTF-8', false);
$username = $user->username;
$icontime = $user->icontime;