author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-02-10 18:36:31 +0000 |
---|---|---|
committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-02-10 18:36:31 +0000 |
commit | 2dafe0c1880b922d75a288f371fa976066589fd7 (patch) | |
tree | db0704ce5abbb65812c56745532b12358bcd0264 /views/default | |
parent | 5788ca8fea363eb5b5298a46b7f087ff3bec953d (diff) | |
Closes #756: htmlentities on all output forms
git-svn-id: https://code.elgg.org/elgg/trunk@2711 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'views/default')
-rw-r--r-- | views/default/output/calendar.php | 2 | ||||
-rw-r--r-- | views/default/output/confirmlink.php | 2 | ||||
-rw-r--r-- | views/default/output/email.php | 2 | ||||
-rw-r--r-- | views/default/output/longtext.php | 4 | ||||
-rw-r--r-- | views/default/output/pulldown.php | 2 | ||||
-rw-r--r-- | views/default/output/tagcloud.php | 2 | ||||
-rw-r--r-- | views/default/output/tags.php | 4 | ||||
-rw-r--r-- | views/default/output/text.php | 2 | ||||
-rw-r--r-- | views/default/output/url.php | 2 |
9 files changed, 12 insertions, 10 deletions
diff --git a/views/default/output/calendar.php b/views/default/output/calendar.php
index cefe9577c..e31290e6a 100644
--- a/views/default/output/calendar.php
+++ b/views/default/output/calendar.php
@@ -18,7 +18,7 @@
 if (is_int($vars['value'])) {
 echo date("F j, Y", $vars['value']);
 } else {
- echo $vars['value'];
+ echo htmlentities($vars['value'], null, 'UTF-8');
 }
 ?>
\ No newline at end of file
diff --git a/views/default/output/confirmlink.php b/views/default/output/confirmlink.php
index fb6d5a893..2ef3ad14b 100644
--- a/views/default/output/confirmlink.php
+++ b/views/default/output/confirmlink.php
@@ -21,4 +21,4 @@
 if (!$confirm)
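Review bot: The `null` passed as the flags argument on the `+` line of calendar.php is coerced to int 0, which is ENT_NOQUOTES, so neither `"` nor `'` is encoded — weaker than the ENT_COMPAT default the call would get with the argument omitted, and from PHP 8.1 passing null to an int parameter of an internal function is deprecated. Use `echo htmlentities($vars['value'], ENT_QUOTES, 'UTF-8');` so the view's output is also safe when a caller places it inside a quoted attribute. The same `null` flag appears in the confirmlink.php, email.php, pulldown.php, tagcloud.php, tags.php, text.php and url.php hunks of this commit and should be changed in all of them.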
$confirm = elgg_echo('question:areyousure');
?>
-<a href="<?php echo $vars['href']; ?>" onclick="return confirm('<?php echo addslashes($confirm); ?>');"><?php echo $vars['text']; ?></a>
\ No newline at end of file
+<a href="<?php echo $vars['href']; ?>" onclick="return confirm('<?php echo addslashes($confirm); ?>');"><?php echo htmlentities($vars['text'], null, 'UTF-8'); ?></a>
\ No newline at end of file
diff --git a/views/default/output/email.php b/views/default/output/email.php
index db3cdd6fa..e6b406507 100644
--- a/views/default/output/email.php
+++ b/views/default/output/email.php
@@ -16,6 +16,6 @@
 */
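Review bot: Only the link text is encoded on the new `+<a ...>` line of confirmlink.php; `$vars['href']` is still written into the href attribute raw, and `addslashes($confirm)` inside the onclick attribute escapes for a JavaScript string literal but not for the HTML attribute around it, so a `"` in `$confirm` still ends the attribute before any script runs. If either value can derive from request or user data, wrap the href as `htmlspecialchars($vars['href'], ENT_QUOTES, 'UTF-8')` and the confirm text as `htmlspecialchars(addslashes($confirm), ENT_QUOTES, 'UTF-8')`. Where `$confirm` originally comes from is assigned above the hunk and is not visible here, so whether it is user-controlled should be confirmed.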
if (!empty($vars['value'])) {
- echo "<a href=\"mailto:" . $vars['value'] . "\">". $vars['value'] ."</a>";
+ echo "<a href=\"mailto:" . $vars['value'] . "\">". htmlentities($vars['value'], null, 'UTF-8') ."</a>";
}
?>
\ No newline at end of file
diff --git a/views/default/output/longtext.php b/views/default/output/longtext.php
index a240e3267..b35234350 100644
--- a/views/default/output/longtext.php
+++ b/views/default/output/longtext.php
@@ -15,5 +15,7 @@
 *
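Review bot: The mailto href on the `+` line of email.php still interpolates `$vars['value']` unencoded, while only the visible text goes through htmlentities; a value containing `"` or `>` still breaks out of the attribute. Encode the attribute part as well, e.g. `"<a href=\"mailto:" . htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8') . "\">"`, keeping the existing text encoding for the element content. Since this view is the only place that knows the value is meant to be an address, it is also the natural place to reject values that are not one, but that is outside what this commit does.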
*/
- echo autop($vars['value']);
+ global $CONFIG;
+
+ echo autop(filter_tags($vars['value'], $CONFIG->allowedtags, $CONFIG->allowedprotocols));
?>
\ No newline at end of file
diff --git a/views/default/output/pulldown.php b/views/default/output/pulldown.php
index a743c4a05..8b1173842 100644
--- a/views/default/output/pulldown.php
+++ b/views/default/output/pulldown.php
@@ -15,5 +15,5 @@
 *
*/
- echo $vars['value'];
+ echo htmlentities($vars['value'], null, 'UTF-8'); //$vars['value'];
?>
\ No newline at end of file
diff --git a/views/default/output/tagcloud.php b/views/default/output/tagcloud.php
index e023b6311..43f7b80b0 100644
--- a/views/default/output/tagcloud.php
+++ b/views/default/output/tagcloud.php
@@ -43,7 +43,7 @@
 if (!empty($cloud)) $cloud .= ", ";
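Review bot: The new echo line in pulldown.php keeps the replaced expression as a trailing comment, `//$vars['value'];`, which is commented-out code rather than a why-comment and will confuse the next reader into thinking something is still pending; drop the trailing comment so the line ends at the htmlentities() call. text.php in this commit carries the same leftover, `// $vars['value'];`, and should be cleaned up the same way.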
$size = round((log($tag->total) / log($max)) * 100) + 30;
if ($size < 60) $size = 60;
- $cloud .= "<a href=\"" . $vars['url'] . "search/?tag=". urlencode($tag->tag) . $object . $subtype . "\" style=\"font-size: {$size}%\" title=\"".addslashes($tag->tag)." ({$tag->total})\" style=\"text-decoration:none;\">" .$tag->tag . "</a>";
+ $cloud .= "<a href=\"" . $vars['url'] . "search/?tag=". urlencode($tag->tag) . $object . $subtype . "\" style=\"font-size: {$size}%\" title=\"".addslashes($tag->tag)." ({$tag->total})\" style=\"text-decoration:none;\">" . htmlentities($tag->tag, null, 'UTF-8') . "</a>";
}
echo $cloud;
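Review bot: The `title` attribute on the `+` line still uses `addslashes($tag->tag)`, which is not HTML-attribute escaping: a `"` in a tag is emitted as `\"` and the HTML parser still ends the attribute at the quote, so this change protects only the text node. Use `htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8')` in the title instead. The same anchor also carries two `style` attributes; browsers keep only the first, so `text-decoration:none;` is silently dropped and should be merged into the `font-size` one. The loop containing this line starts above the hunk.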
diff --git a/views/default/output/tags.php b/views/default/output/tags.php
index 70e11ac82..d3d9522bc 100644
--- a/views/default/output/tags.php
+++ b/views/default/output/tags.php
@@ -45,8 +45,8 @@
 } else {
$type = "";
}
- if (is_string($tag)) {
- $tagstr .= "<a rel=\"tag\" href=\"{$vars['url']}tag/".urlencode($tag) . "{$type}{$subtype}{$object}\">{$tag}</a>";
+ if (is_string($tag)) {
+ $tagstr .= "<a rel=\"tag\" href=\"{$vars['url']}tag/".urlencode($tag) . "{$type}{$subtype}{$object}\">" . htmlentities($tag, null, 'UTF-8') . "</a>";
}
}
echo $tagstr;
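Review bot: The href on the `+` line interpolates `$vars['url']`, `{$type}`, `{$subtype}` and `{$object}` with no attribute escaping; `urlencode($tag)` already yields only URL-safe characters, but the other four are assembled above the hunk and, if any of them derives from request input, need `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` before being placed in the attribute. The `-`/`+` pair for `if (is_string($tag)) {` is a whitespace-only change that widens the diff without changing behaviour. The enclosing loop appears to start outside the hunk.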
diff --git a/views/default/output/text.php b/views/default/output/text.php
index dfb1c8b0a..db7a5ea90 100644
--- a/views/default/output/text.php
+++ b/views/default/output/text.php
@@ -15,5 +15,5 @@
 *
*/
- echo $vars['value'];
+ echo htmlentities($vars['value'], null, 'UTF-8'); // $vars['value'];
?>
\ No newline at end of file
diff --git a/views/default/output/url.php b/views/default/output/url.php
index d4c6ce9fa..af4582fba 100644
--- a/views/default/output/url.php
+++ b/views/default/output/url.php
@@ -20,7 +20,7 @@
 if ((substr_count($val, "http://") == 0) && (substr_count($val, "https://") == 0)) {
$val = "http://" . $val;
}
- echo "<a href=\"{$val}\" target=\"_blank\">{$val}</a>";
+ echo "<a href=\"{$val}\" target=\"_blank\">". htmlentities($val, null, 'UTF-8'). "</a>";
}
?>
\ No newline at end of file |
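Review bot: `$val` is still written into the href attribute raw on the `+` line, so this change protects only the link text; a `"` in the value still closes the attribute. The scheme check above it uses `substr_count`, which matches `http://` anywhere in the string rather than at its start, so a value that carries some other scheme first is passed through unchanged. Anchor the check and encode the attribute: `if (!preg_match('#^https?://#i', $val)) {` and `echo "<a href=\"" . htmlspecialchars($val, ENT_QUOTES, 'UTF-8') . "\" target=\"_blank\">" . htmlspecialchars($val, ENT_QUOTES, 'UTF-8') . "</a>";`. The outer block these lines sit in starts before the hunk.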