| author | ewinslow <ewinslow@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2010-11-20 08:25:52 +0000 | 
|---|---|---|
| committer | ewinslow <ewinslow@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2010-11-20 08:25:52 +0000 | 
| commit | 9f41e8b1a34044d654ce3c6381efe3b3e2030c35 (patch) | |
| tree | 28ac27966e2c0b7726a865138eb6a21f7f38dad1 | |
| parent | a906ef7dcc58bce7f54b5b3a2c2692b84f6a1b54 (diff) | |
| download | elgg-9f41e8b1a34044d654ce3c6381efe3b3e2030c35.tar.gz elgg-9f41e8b1a34044d654ce3c6381efe3b3e2030c35.tar.bz2 | |
Fixes #2036: using htmlspecialchars in output views
git-svn-id: http://code.elgg.org/elgg/trunk@7368 36083f99-b078-4883-b0ff-0f9b5a30f544
| -rw-r--r-- | views/default/output/calendar.php | 2 | ||||
| -rw-r--r-- | views/default/output/confirmlink.php | 2 | ||||
| -rw-r--r-- | views/default/output/email.php | 2 | ||||
| -rw-r--r-- | views/default/output/friendlytime.php | 2 | ||||
| -rw-r--r-- | views/default/output/pulldown.php | 2 | ||||
| -rw-r--r-- | views/default/output/tagcloud.php | 2 | ||||
| -rw-r--r-- | views/default/output/tags.php | 2 | ||||
| -rw-r--r-- | views/default/output/text.php | 2 | ||||
| -rw-r--r-- | views/default/output/url.php | 6 | 
9 files changed, 11 insertions, 11 deletions
| diff --git a/views/default/output/calendar.php b/views/default/output/calendar.php
index f791d435e..8729fa1c5 100644
--- a/views/default/output/calendar.php
+++ b/views/default/output/calendar.php
@@ -13,5 +13,5 @@
 if (is_int($vars['value'])) {
 	echo date("F j, Y", $vars['value']);
 } else {
-	echo htmlentities($vars['value'], ENT_QUOTES, 'UTF-8');
+	echo htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8');
 }
\ No newline at end of file
diff --git a/views/default/output/confirmlink.php b/views/default/output/confirmlink.php
index 4d1bc0ab9..bce06305a 100644
--- a/views/default/output/confirmlink.php
+++ b/views/default/output/confirmlink.php
@@ -26,4 +26,4 @@ if (isset($vars['class']) && $vars['class']) {
 	$class = '';
 }
 ?>
-<a href="<?php echo $link; ?>" <?php echo $class; ?> onclick="return confirm('<?php echo addslashes($confirm); ?>');"><?php echo htmlentities($vars['text'], ENT_QUOTES, 'UTF-8'); ?></a>
+<a href="<?php echo $link; ?>" <?php echo $class; ?> onclick="return confirm('<?php echo addslashes($confirm); ?>');"><?php echo htmlspecialchars($vars['text'], ENT_QUOTES, 'UTF-8'); ?></a>
diff --git a/views/default/output/email.php b/views/default/output/email.php
index 02d2e67e0..8f5c092b9 100644
--- a/views/default/output/email.php
+++ b/views/default/output/email.php
@@ -11,5 +11,5 @@
  */
 if (!empty($vars['value'])) {
-	echo "<a href=\"mailto:" . $vars['value'] . "\">". htmlentities($vars['value'], ENT_QUOTES, 'UTF-8') ."</a>";
+	echo "<a href=\"mailto:" . $vars['value'] . "\">". htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8') ."</a>";
 }
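Review bot: On the `+` line of the confirmlink.php hunk the `onclick` attribute value is still built with `addslashes($confirm)` alone, and `addslashes` only prefixes a backslash — the quote character itself still reaches the HTML parser, so a `"` in `$confirm` ends the attribute before any JavaScript escaping matters; `$link` and `$class` are echoed into attributes with no escaping at all, while the commit only changes the link-text call. `$link`, `$class` and `$confirm` are assigned above the hunk, outside it. Escaping for the attribute context after the JavaScript escaping, `onclick="return confirm('<?php echo htmlspecialchars(addslashes($confirm), ENT_QUOTES, 'UTF-8'); ?>');"`, closes the attribute break-out, and `href="<?php echo htmlspecialchars($link, ENT_QUOTES, 'UTF-8'); ?>"` does the same for the link. The tagcloud.php hunk has the same pattern in `title=\"".addslashes($tag->tag)." ($tag->total)\"`, where the `htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8')` value already computed for the link text could be reused for the title.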
\ No newline at end of file
diff --git a/views/default/output/friendlytime.php b/views/default/output/friendlytime.php
index 710079c2a..22f60d517 100644
--- a/views/default/output/friendlytime.php
+++ b/views/default/output/friendlytime.php
@@ -7,6 +7,6 @@
  */
 $friendly_time = elgg_get_friendly_time($vars['time']);
-$timestamp = htmlentities(date(elgg_echo('friendlytime:date_format'), $vars['time']));
+$timestamp = htmlspecialchars(date(elgg_echo('friendlytime:date_format'), $vars['time']));
 echo "<acronym title=\"$timestamp\">$friendly_time</acronym>";
diff --git a/views/default/output/pulldown.php b/views/default/output/pulldown.php
index df58bebfe..c597eb5c9 100644
--- a/views/default/output/pulldown.php
+++ b/views/default/output/pulldown.php
@@ -10,4 +10,4 @@
  *
  */
-echo htmlentities($vars['value'], ENT_QUOTES, 'UTF-8'); //$vars['value'];
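Review bot: In the email.php hunk the `+` line escapes `$vars['value']` for the link text but still concatenates it raw into `href=\"mailto:...\"`, so a value containing `"` ends the attribute; the commit changes only the text half of the line. Escaping both halves with the same call fixes it: `echo "<a href=\"mailto:" . htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8') . "\">" . htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8') . "</a>";`, or compute the escaped value once into a local before the echo. The surrounding `if (!empty($vars['value']))` block is complete within the hunk.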
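Review bot: The new `htmlspecialchars(date(...))` call in the friendlytime.php hunk is the only one in this commit without `ENT_QUOTES, 'UTF-8'`; every other hunk passes both, and this result lands inside the `title=\"$timestamp\"` attribute on the line below. The format string comes from `elgg_echo('friendlytime:date_format')`, i.e. from a translation string rather than from code, so passing the same arguments keeps the escaping consistent: `$timestamp = htmlspecialchars(date(elgg_echo('friendlytime:date_format'), $vars['time']), ENT_QUOTES, 'UTF-8');`. `$friendly_time` is echoed unescaped on the same line; whether elgg_get_friendly_time() returns already-safe text is not visible here and is worth confirming.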
\ No newline at end of file
+echo htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8'); //$vars['value'];
\ No newline at end of file
diff --git a/views/default/output/tagcloud.php b/views/default/output/tagcloud.php
index c7e87f688..d28fbf05f 100644
--- a/views/default/output/tagcloud.php
+++ b/views/default/output/tagcloud.php
@@ -58,7 +58,7 @@ if (!empty($vars['tagcloud']) && is_array($vars['tagcloud'])) {
 			$size = 100;
 		}
 		$url = elgg_get_site_url()."pg/search/?q=". urlencode($tag->tag) . "&search_type=tags$type$subtype";
-		$list .= "<a href=\"$url\" style=\"font-size: $size%\" title=\"".addslashes($tag->tag)." ($tag->total)\" style=\"text-decoration:none;\">" . htmlentities($tag->tag, ENT_QUOTES, 'UTF-8') . "</a>";
+		$list .= "<a href=\"$url\" style=\"font-size: $size%\" title=\"".addslashes($tag->tag)." ($tag->total)\" style=\"text-decoration:none;\">" . htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8') . "</a>";
 	}
 	$cloud .= "$list</div>";
diff --git a/views/default/output/tags.php b/views/default/output/tags.php
index 6c8115d54..1dbf14a7d 100644
--- a/views/default/output/tags.php
+++ b/views/default/output/tags.php
@@ -43,7 +43,7 @@ if (!empty($vars['tags'])) {
 			$type = "";
 		}
 		if (is_string($tag)) {
-			$tagstr .= "<a rel=\"tag\" href=\"".elgg_get_site_url()."pg/search/?q=".urlencode($tag) . "&search_type=tags{$type}{$subtype}{$object}\">" . htmlentities($tag, ENT_QUOTES, 'UTF-8') . "</a>";
+			$tagstr .= "<a rel=\"tag\" href=\"".elgg_get_site_url()."pg/search/?q=".urlencode($tag) . "&search_type=tags{$type}{$subtype}{$object}\">" . htmlspecialchars($tag, ENT_QUOTES, 'UTF-8') . "</a>";
 		}
 	}
 	echo $tagstr;
diff --git a/views/default/output/text.php b/views/default/output/text.php
index e0194099b..f95e2d7fd 100644
--- a/views/default/output/text.php
+++ b/views/default/output/text.php
@@ -10,4 +10,4 @@
  *
  */
-echo htmlentities($vars['value'], ENT_QUOTES, 'UTF-8'); // $vars['value'];
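Review bot: The `+` line in the pulldown.php hunk carries over the trailing commented-out `//$vars['value'];` from the line it replaces, and the text.php hunk does the same with `// $vars['value'];`; since both lines are rewritten by this commit anyway, the dead comment should go, leaving `echo htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8');` in both files. Both files also still end without a trailing newline, as the `\ No newline at end of file` markers on both sides of each hunk show.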
\ No newline at end of file
+echo htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8'); // $vars['value'];
\ No newline at end of file
diff --git a/views/default/output/url.php b/views/default/output/url.php
index 23b774198..6e77a1984 100644
--- a/views/default/output/url.php
+++ b/views/default/output/url.php
@@ -7,7 +7,7 @@
  * @subpackage Core
  *
  * @uses string $vars['text']        The string between the <a></a> tags.
- * @uses bool   $vars['encode_text'] Run $vars['text'] through htmlentities()?
+ * @uses bool   $vars['encode_text'] Run $vars['text'] through htmlspecialchars()?
  * @uses bool   $vars['is_action']   Is this a link to an action?
  *
  */
@@ -21,14 +21,14 @@ if (!$url and isset($vars['value'])) {
 if (!empty($url)) {
  	if (isset($vars['text'])) {
 		if (isset($vars['encode_text']) && $vars['encode_text']) {
-			$text = htmlentities($vars['text'], ENT_QUOTES, 'UTF-8');
+			$text = htmlspecialchars($vars['text'], ENT_QUOTES, 'UTF-8');
 		} else {
 			$text = $vars['text'];
 		}
 		unset($vars['text']);
 	} else {
-		$text = htmlentities($url, ENT_QUOTES, 'UTF-8');
+		$text = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
 	}
 	unset($vars['encode_text']); |
