author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-08-06 10:08:52 +0000 |
---|---|---|
committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-08-06 10:08:52 +0000 |
commit | d4618559386b918a13dac673f31ebd500250da10 (patch) | |
tree | 1d1f00778939dd07744f719e1ac7337438ab7612 | |
parent | eb337414c27bacbf7965a1595977a32ed90954e3 (diff) | |
Images and security fixes
git-svn-id: https://code.elgg.org/elgg/trunk@1729 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r-- | views/default/input/button.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/views/default/input/button.php b/views/default/input/button.php
index a44ac4913..115324533 100644
--- a/views/default/input/button.php
+++ b/views/default/input/button.php
@@ -15,9 +15,12 @@
  * @uses $vars['js'] Any Javascript to enter into the input tag
  * @uses $vars['internalname'] The name of the input field
  * @uses $vars['type'] Submit or reset, defaults to submit.
+ * @uses $vars['src'] Src of an image
  *
  */
+ global $CONFIG;
+
 $type = strtolower($vars['type']);
 switch ($type) {
@@ -29,6 +32,7 @@
 $value = htmlentities($vars['value']);
 $name = $vars['internalname'];
- 
+ $src = $vars['src'];
+ if (strpos($src,$CONFIG->wwwroot)===false) $src = ""; // blank src if trying to access an offsite image.
 ?>
-<input type="<?php echo $type; ?>" class="<?php echo $type; ?>_button" <?php echo $vars['js']; ?> value="<?php $value; ?>" />
\ No newline at end of file
+<input type="<?php echo $type; ?>" class="<?php echo $type; ?>_button" <?php echo $vars['js']; ?> value="<?php $value; ?>" src="<?php echo $src; ?>" />
\ No newline at end of file |
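Review bot: The offsite check on the new `if (strpos($src,$CONFIG->wwwroot)===false)` line only tests that wwwroot appears somewhere in the string, so a URL such as `http://attacker.example/?u=<wwwroot>` passes and the src still points offsite; a prefix test is what the comment describes: `if (strpos($src, $CONFIG->wwwroot) !== 0) $src = "";`. The value is then echoed into the `src` attribute unescaped on the new `<input>` line, so a `"` in `$vars['src']` can break out of the attribute even when the prefix check passes — emit it as `src="<?php echo htmlentities($src); ?>"`, matching how `$value` is treated two lines above. Separately, `value="<?php $value; ?>"` on the same line has no `echo`, so the escaped value is never actually output; this is carried over from the old line rather than introduced here. Whether wwwroot ends with a trailing slash (so that `http://site.example.evil/` cannot satisfy a prefix test) is not visible in this hunk and worth confirming.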