diff options
author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-07-09 09:08:37 +0000 |
---|---|---|
committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-07-09 09:08:37 +0000 |
commit | 042cdf2a43e5f226a6303f976fb0b6fb9e91e5df (patch) | |
tree | 8ad1acedd1231f70129a6add4e7c717acede5ac8 /views/default/canvas/layouts | |
parent | 0767904f516fc29ab76807576763e2ff805a1483 (diff) | |
download | elgg-042cdf2a43e5f226a6303f976fb0b6fb9e91e5df.tar.gz elgg-042cdf2a43e5f226a6303f976fb0b6fb9e91e5df.tar.bz2 |
Closes #1113: Htmlentities made UTF-8 and quotes safe.
git-svn-id: https://code.elgg.org/elgg/trunk@3399 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'views/default/canvas/layouts')
-rw-r--r-- | views/default/canvas/layouts/widgets.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/views/default/canvas/layouts/widgets.php b/views/default/canvas/layouts/widgets.php index 8b7789851..22e7bd8dd 100644 --- a/views/default/canvas/layouts/widgets.php +++ b/views/default/canvas/layouts/widgets.php @@ -50,8 +50,8 @@ <input type="hidden" name="multiple" value="<?php if ((isset($widget->handler)) && (isset($widgettypes[$widget->handler]->multiple))) echo $widgettypes[$widget->handler]->multiple; ?>" /> <input type="hidden" name="side" value="<?php if ((isset($widget->handler)) && (isset($widgettypes[$widget->handler])) && (is_array($widgettypes[$widget->handler]->positions))) echo in_array('side',$widgettypes[$widget->handler]->positions); ?>" /> <input type="hidden" name="main" value="<?php if ((isset($widget->handler)) && (isset($widgettypes[$widget->handler])) && (is_array($widgettypes[$widget->handler]->positions))) echo in_array('main',$widgettypes[$widget->handler]->positions); ?>" /> - <input type="hidden" name="handler" value="<?php echo htmlentities($handler); ?>" /> - <input type="hidden" name="description" value="<?php echo htmlentities($widget->description, null, 'UTF-8'); ?>" /> + <input type="hidden" name="handler" value="<?php echo htmlentities($handler, ENT_QUOTES, 'UTF-8'); ?>" /> + <input type="hidden" name="description" value="<?php echo htmlentities($widget->description, ENT_QUOTES, 'UTF-8'); ?>" /> <input type="hidden" name="guid" value="0" /> </h3> </td> @@ -118,7 +118,7 @@ <input type="hidden" name="multiple" value="<?php echo $widgettypes[$widget->handler]->multiple; ?>" /> <input type="hidden" name="side" value="<?php echo in_array('side',$widgettypes[$widget->handler]->positions); ?>" /> <input type="hidden" name="main" value="<?php echo in_array('main',$widgettypes[$widget->handler]->positions); ?>" /> - <input type="hidden" name="description" value="<?php echo htmlentities($widgettypes[$widget->handler]->description); ?>" /> + <input type="hidden" name="description" value="<?php echo htmlentities($widgettypes[$widget->handler]->description, ENT_QUOTES, 'UTF-8'); ?>" /> <input type="hidden" name="guid" value="<?php echo $widget->getGUID(); ?>" /> </h3> </td> @@ -163,7 +163,7 @@ <input type="hidden" name="multiple" value="<?php echo $widgettypes[$widget->handler]->multiple; ?>" /> <input type="hidden" name="side" value="<?php echo in_array('side',$widgettypes[$widget->handler]->positions); ?>" /> <input type="hidden" name="main" value="<?php echo in_array('main',$widgettypes[$widget->handler]->positions); ?>" /> - <input type="hidden" name="description" value="<?php echo htmlentities($widgettypes[$widget->handler]->description); ?>" /> + <input type="hidden" name="description" value="<?php echo htmlentities($widgettypes[$widget->handler]->description, ENT_QUOTES, 'UTF-8'); ?>" /> <input type="hidden" name="guid" value="<?php echo $widget->getGUID(); ?>" /> </h3> </td> @@ -204,7 +204,7 @@ <input type="hidden" name="multiple" value="<?php echo $widgettypes[$widget->handler]->multiple; ?>" /> <input type="hidden" name="side" value="<?php echo in_array('side',$widgettypes[$widget->handler]->positions); ?>" /> <input type="hidden" name="main" value="<?php echo in_array('main',$widgettypes[$widget->handler]->positions); ?>" /> - <input type="hidden" name="description" value="<?php echo htmlentities($widgettypes[$widget->handler]->description); ?>" /> + <input type="hidden" name="description" value="<?php echo htmlentities($widgettypes[$widget->handler]->description, ENT_QUOTES, 'UTF-8'); ?>" /> <input type="hidden" name="guid" value="<?php echo $widget->getGUID(); ?>" /> </h3> </td> |