aboutsummaryrefslogtreecommitdiff
path: root/views
diff options
context:
space:
mode:
authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-07-09 09:08:37 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-07-09 09:08:37 +0000
commit042cdf2a43e5f226a6303f976fb0b6fb9e91e5df (patch)
tree8ad1acedd1231f70129a6add4e7c717acede5ac8 /views
parent0767904f516fc29ab76807576763e2ff805a1483 (diff)
downloadelgg-042cdf2a43e5f226a6303f976fb0b6fb9e91e5df.tar.gz
elgg-042cdf2a43e5f226a6303f976fb0b6fb9e91e5df.tar.bz2
Closes #1113: Htmlentities made UTF-8 and quotes safe.
git-svn-id: https://code.elgg.org/elgg/trunk@3399 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'views')
-rw-r--r--views/default/canvas/layouts/widgets.php10
1 files changed, 5 insertions, 5 deletions
diff --git a/views/default/canvas/layouts/widgets.php b/views/default/canvas/layouts/widgets.php
index 8b7789851..22e7bd8dd 100644
--- a/views/default/canvas/layouts/widgets.php
+++ b/views/default/canvas/layouts/widgets.php
@@ -50,8 +50,8 @@
<input type="hidden" name="multiple" value="<?php if ((isset($widget->handler)) && (isset($widgettypes[$widget->handler]->multiple))) echo $widgettypes[$widget->handler]->multiple; ?>" />
<input type="hidden" name="side" value="<?php if ((isset($widget->handler)) && (isset($widgettypes[$widget->handler])) && (is_array($widgettypes[$widget->handler]->positions))) echo in_array('side',$widgettypes[$widget->handler]->positions); ?>" />
<input type="hidden" name="main" value="<?php if ((isset($widget->handler)) && (isset($widgettypes[$widget->handler])) && (is_array($widgettypes[$widget->handler]->positions))) echo in_array('main',$widgettypes[$widget->handler]->positions); ?>" />
- <input type="hidden" name="handler" value="<?php echo htmlentities($handler); ?>" />
- <input type="hidden" name="description" value="<?php echo htmlentities($widget->description, null, 'UTF-8'); ?>" />
+ <input type="hidden" name="handler" value="<?php echo htmlentities($handler, ENT_QUOTES, 'UTF-8'); ?>" />
+ <input type="hidden" name="description" value="<?php echo htmlentities($widget->description, ENT_QUOTES, 'UTF-8'); ?>" />
<input type="hidden" name="guid" value="0" />
</h3>
</td>
@@ -118,7 +118,7 @@
<input type="hidden" name="multiple" value="<?php echo $widgettypes[$widget->handler]->multiple; ?>" />
<input type="hidden" name="side" value="<?php echo in_array('side',$widgettypes[$widget->handler]->positions); ?>" />
<input type="hidden" name="main" value="<?php echo in_array('main',$widgettypes[$widget->handler]->positions); ?>" />
- <input type="hidden" name="description" value="<?php echo htmlentities($widgettypes[$widget->handler]->description); ?>" />
+ <input type="hidden" name="description" value="<?php echo htmlentities($widgettypes[$widget->handler]->description, ENT_QUOTES, 'UTF-8'); ?>" />
<input type="hidden" name="guid" value="<?php echo $widget->getGUID(); ?>" />
</h3>
</td>
@@ -163,7 +163,7 @@
<input type="hidden" name="multiple" value="<?php echo $widgettypes[$widget->handler]->multiple; ?>" />
<input type="hidden" name="side" value="<?php echo in_array('side',$widgettypes[$widget->handler]->positions); ?>" />
<input type="hidden" name="main" value="<?php echo in_array('main',$widgettypes[$widget->handler]->positions); ?>" />
- <input type="hidden" name="description" value="<?php echo htmlentities($widgettypes[$widget->handler]->description); ?>" />
+ <input type="hidden" name="description" value="<?php echo htmlentities($widgettypes[$widget->handler]->description, ENT_QUOTES, 'UTF-8'); ?>" />
<input type="hidden" name="guid" value="<?php echo $widget->getGUID(); ?>" />
</h3>
</td>
@@ -204,7 +204,7 @@
<input type="hidden" name="multiple" value="<?php echo $widgettypes[$widget->handler]->multiple; ?>" />
<input type="hidden" name="side" value="<?php echo in_array('side',$widgettypes[$widget->handler]->positions); ?>" />
<input type="hidden" name="main" value="<?php echo in_array('main',$widgettypes[$widget->handler]->positions); ?>" />
- <input type="hidden" name="description" value="<?php echo htmlentities($widgettypes[$widget->handler]->description); ?>" />
+ <input type="hidden" name="description" value="<?php echo htmlentities($widgettypes[$widget->handler]->description, ENT_QUOTES, 'UTF-8'); ?>" />
<input type="hidden" name="guid" value="<?php echo $widget->getGUID(); ?>" />
</h3>
</td>